Zero supplied stat buffers in functions that pretend to stat
Commit Message
Hi all,
GDB has five places where it pretends to stat for bfd_openr_iovec.
Four of these only set the incoming buffer's st_size, leaving the
other fields unchanged, which is to say very likely populated with
random values from the stack. remote_bfd_iovec_stat was fixed in
0a93529c56714b1da3d7106d3e0300764f8bb81c; this commit fixes the
other four.
Built and and regtested on RHEL6.6 x86_64.
Ok to commit?
Cheers,
Gary
gdb/ChangeLog:
* jit.c (mem_bfd_iovec_stat): Zero supplied buffer.
* minidebug.c (lzma_stat): Likewise.
* solib-spu.c (spu_bfd_iovec_stat): Likewise.
* spu-linux-nat.c (spu_bfd_iovec_stat): Likewise.
---
gdb/ChangeLog | 7 +++++++
gdb/jit.c | 1 +
gdb/minidebug.c | 1 +
gdb/solib-spu.c | 1 +
gdb/spu-linux-nat.c | 1 +
5 files changed, 11 insertions(+), 0 deletions(-)
Comments
On 04/13/2015 10:40 PM, Gary Benson wrote:
> Hi all,
>
> GDB has five places where it pretends to stat for bfd_openr_iovec.
> Four of these only set the incoming buffer's st_size, leaving the
> other fields unchanged, which is to say very likely populated with
> random values from the stack. remote_bfd_iovec_stat was fixed in
> 0a93529c56714b1da3d7106d3e0300764f8bb81c; this commit fixes the
> other four.
>
> Built and and regtested on RHEL6.6 x86_64.
>
> Ok to commit?
Eh, how apropos for the bfd cache discussion.
OK, thanks.
Pedro Alves wrote:
> On 04/13/2015 10:40 PM, Gary Benson wrote:
> > GDB has five places where it pretends to stat for bfd_openr_iovec.
> > Four of these only set the incoming buffer's st_size, leaving the
> > other fields unchanged, which is to say very likely populated with
> > random values from the stack. remote_bfd_iovec_stat was fixed in
> > 0a93529c56714b1da3d7106d3e0300764f8bb81c; this commit fixes the
> > other four.
> >
> > Built and and regtested on RHEL6.6 x86_64.
> >
> > Ok to commit?
>
> Eh, how apropos for the bfd cache discussion.
Yeah, I've been meaning to reply to that :)
> OK, thanks.
Will push it later.
Cheers,
Gary
Gary Benson wrote:
> Pedro Alves wrote:
> > On 04/13/2015 10:40 PM, Gary Benson wrote:
> > > GDB has five places where it pretends to stat for bfd_openr_iovec.
> > > Four of these only set the incoming buffer's st_size, leaving the
> > > other fields unchanged, which is to say very likely populated with
> > > random values from the stack. remote_bfd_iovec_stat was fixed in
> > > 0a93529c56714b1da3d7106d3e0300764f8bb81c; this commit fixes the
> > > other four.
> > >
> > > Built and and regtested on RHEL6.6 x86_64.
> > >
> > > Ok to commit?
> >
> > Eh, how apropos for the bfd cache discussion.
>
> Yeah, I've been meaning to reply to that :)
>
> > OK, thanks.
>
> Will push it later.
Pushed.
Cheers,
Gary
@@ -126,6 +126,7 @@ mem_bfd_iovec_stat (struct bfd *abfd, void *stream, struct stat *sb)
{
struct target_buffer *buffer = (struct target_buffer*) stream;
+ memset (sb, 0, sizeof (struct stat));
sb->st_size = buffer->size;
return 0;
}
@@ -241,6 +241,7 @@ lzma_stat (struct bfd *abfd,
{
struct gdb_lzma_stream *lstream = stream;
+ memset (sb, 0, sizeof (struct stat));
sb->st_size = lzma_index_uncompressed_size (lstream->index);
return 0;
}
@@ -313,6 +313,7 @@ spu_bfd_iovec_stat (bfd *abfd, void *stream, struct stat *sb)
table to find the extent of the last section but that seems
pointless when the size is needed only for checks of other
parsed values in dbxread.c. */
+ memset (sb, 0, sizeof (struct stat));
sb->st_size = INT_MAX;
return 0;
}
@@ -313,6 +313,7 @@ spu_bfd_iovec_stat (struct bfd *abfd, void *stream, struct stat *sb)
table to find the extent of the last section but that seems
pointless when the size is needed only for checks of other
parsed values in dbxread.c. */
+ memset (sb, 0, sizeof (struct stat));
sb->st_size = INT_MAX;
return 0;
}