gdbserver: Fix overflow detection in gdbserver
Checks
Context |
Check |
Description |
linaro-tcwg-bot/tcwg_gdb_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_gdb_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_gdb_check--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_gdb_check--master-arm |
success
|
Testing passed
|
Commit Message
> First, the boring stuff: I think that the patch is more than an obvious
> fix, so we'll need to make sure you are covered with an FSF copyright
> assignment [1]. Do you know if you (or your employer, since it looks
> like you're doing this as part of your employment) are covered with one
> already?
Yes, we recieved assignment on Dec 26 2022 (RT:1894351). Accepted by John Hsieh.
> Then, I am unable to apply your patch with git-am. It looks like you
> copy pasted the patch in your email client, which usually gives bad
> results. Are you able to use git-send-email [2]? This is the most
> trustworthy way.
Done.
> Does this create a sparse file on systems that support it? I could see
> it as a problem for some test environments if we create and leave a file
> occupying ~4GB file in the build directory. Well, two actually, there
> will be the .o and the final executable. Note that I don't have a
> better idea on how to test this...
The only way to test my patch is transferring large (>2GB) binaries.
I decided to create large binary this way.
> Do you expect this .S file to work for all architectures? It's simple,
> but I guess that the "ret" instruction doesn't exist on all
> architectures. Can you think of a way to produce a big binary that is
> not architecture-dependent at all? Maybe produce an executable, and
> then insert a large dummy section in the beginning?
"ret" removed. I have simplified binary, so now it should work for all
architectures.
Currently gdbserver uses require_int() function to
parse the requested offset (in vFile::pread
packet and the like). This function allows integers up to 0x7fffffff
(to fit in 32-bit int), however the offset (for pread
system call) has an off_t type which can be larger than
32-bit.
This patch allows require_int() function to parse offset
up to the maximum value implied by the off_t type.
---
gdb/testsuite/gdb.server/pread-offset-size.S | 23 +++++++++
.../gdb.server/pread-offset-size.exp | 50 +++++++++++++++++++
gdbserver/hostio.cc | 19 +++++--
3 files changed, 88 insertions(+), 4 deletions(-)
create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.S
create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.exp
Comments
>>>>> "Kirill" == Kirill Radkin <kirill.radkin@syntacore.com> writes:
Thank you for the patch.
I didn't see a reply to this one.
Kirill> +template <typename T>
Kirill> static int
Kirill> -require_int (char **pp, int *value)
Kirill> +require_int (char **pp, T *value)
Kirill> {
Kirill> + constexpr bool is_signed = std::is_signed<T>::value;
Kirill> + if (!is_signed)
Kirill> + return -1;
I don't understand this early return.
If using an unsigned type here is intended to be invalid, then I think
that should be enforced at compile time.
Kirill> - if (count >= 8 || (count == 7 && firstdigit >= 0x8))
Kirill> + if (count >= max_count || (count == (max_count - 1)
Kirill> + && firstdigit >= 0x8))
Kirill> return -1;
However, it seems pretty simple to handle unsigned here as well.
thanks,
Tom
new file mode 100644
@@ -0,0 +1,23 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+ Copyright 2023 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+ .text
+ .globl _start
+_start:
+ .skip 3742415472
+ .globl f
+f:
new file mode 100644
@@ -0,0 +1,50 @@
+# Copyright (C) 2023 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Test sending of large binary files (>2 GB) from gdbserver
+# (it was unavailable earlier)
+
+load_lib gdbserver-support.exp
+
+if {![allow_gdbserver_tests]} {
+ return
+}
+
+standard_testfile .S
+
+if { [prepare_for_testing ${testfile}.exp $testfile \
+ $srcfile {debug additional_flags=-nostdlib} ] } {
+ return -1
+}
+
+gdb_exit
+gdb_start
+
+gdb_test_no_output "set remote exec-file $binfile" \
+"set remote exec-file"
+
+# Make sure we're disconnected, in case we're testing with an
+# extended-remote board, therefore already connected.
+gdb_test "disconnect" ".*"
+
+set res [gdbserver_spawn ""]
+set gdbserver_protocol [lindex $res 0]
+set gdbserver_gdbport [lindex $res 1]
+
+gdb_test "target $gdbserver_protocol $gdbserver_gdbport" \
+"Remote debugging using .*" \
+"target $gdbserver_protocol $gdbserver_gdbport"
+
+gdb_test "break f" "Breakpoint 1.*"
@@ -90,12 +90,20 @@ require_filename (char **pp, char *filename)
return 0;
}
+template <typename T>
static int
-require_int (char **pp, int *value)
+require_int (char **pp, T *value)
{
+ constexpr bool is_signed = std::is_signed<T>::value;
+ if (!is_signed)
+ return -1;
+
char *p;
int count, firstdigit;
+ /* Max count of hexadecimal digits in off_t (1 hex digit is 4 bits) */
+ int max_count = sizeof(T) * CHAR_BIT / 4;
+
p = *pp;
*value = 0;
count = 0;
@@ -112,7 +120,8 @@ require_int (char **pp, int *value)
firstdigit = nib;
/* Don't allow overflow. */
- if (count >= 8 || (count == 7 && firstdigit >= 0x8))
+ if (count >= max_count || (count == (max_count - 1)
+ && firstdigit >= 0x8))
return -1;
*value = *value * 16 + nib;
@@ -344,7 +353,8 @@ handle_open (char *own_buf)
static void
handle_pread (char *own_buf, int *new_packet_len)
{
- int fd, ret, len, offset, bytes_sent;
+ int fd, ret, len, bytes_sent;
+ off_t offset;
char *p, *data;
static int max_reply_size = -1;
@@ -411,7 +421,8 @@ handle_pread (char *own_buf, int *new_packet_len)
static void
handle_pwrite (char *own_buf, int packet_len)
{
- int fd, ret, len, offset;
+ int fd, ret, len;
+ off_t offset;
char *p, *data;
p = own_buf + strlen ("vFile:pwrite:");