From patchwork Sun Mar 22 21:08:47 2026
X-Patchwork-Submitter: Paul Eggert
X-Patchwork-Id: 132161
From: Paul Eggert
To: gdb-patches@sourceware.org
Cc: Paul Eggert
Subject: [PATCH] Fix unlikely getpkt buffer overflow
Date: Sun, 22 Mar 2026 14:08:47 -0700
Message-ID: <20260322210858.46617-1-eggert@cs.ucla.edu>

Problem reported by Manish Sharma.

* gdbserver/remote-utils.cc (getpkt): Do not overflow buf.
--- gdbserver/remote-utils.cc | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/gdbserver/remote-utils.cc b/gdbserver/remote-utils.cc index 34801d0b76f..6634b01c2f0 100644 --- a/gdbserver/remote-utils.cc +++ b/gdbserver/remote-utils.cc @@ -979,6 +979,7 @@ getpkt (char *buf) return -1; } + bool fits_in_buf = true; bp = buf; while (1) { @@ -987,7 +988,9 @@ getpkt (char *buf) return -1; if (c == '#') break; - *bp++ = c; + *bp = c; + fits_in_buf = bp - buf < PBUFSIZ; + bp += fits_in_buf; csum += c; } *bp = 0; 
@@ -995,21 +998,23 @@ getpkt (char *buf) c1 = fromhex (readchar ()); c2 = fromhex (readchar ()); - if (csum == (c1 << 4) + c2) + unsigned char sentsum = (c1 << 4) + c2; + bool csum_ok = csum == sentsum; + if (csum_ok && fits_in_buf) break; + if (!csum_ok) + fprintf (stderr, "Bad checksum, sentsum=0x%x, csum=0x%x, buf=%s\n", + sentsum, csum, buf); + if (!fits_in_buf) + fprintf (stderr, "Packet too long\n"); if (cs.noack_mode) { - fprintf (stderr, - "Bad checksum, sentsum=0x%x, csum=0x%x, " - "buf=%s [no-ack-mode, Bad medium?]\n", - (c1 << 4) + c2, csum, buf); + fprintf (stderr, "[no-ack-mode, Bad medium?]\n"); /* Not much we can do, GDB wasn't expecting an ack/nac. */ break; } - fprintf (stderr, "Bad checksum, sentsum=0x%x, csum=0x%x, buf=%s\n", - (c1 << 4) + c2, csum, buf); if (!write_prim ("-", 1)) return -1; }
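
Review bot: In the @@ -987,7 +988,9 @@ hunk the store `*bp = c;` still happens before the bound is evaluated, so once bp - buf reaches PBUFSIZ every further byte, and then the terminating `*bp = 0;`, is written to buf[PBUFSIZ]. That is in bounds only if every caller passes a buffer of at least PBUFSIZ + 1 bytes, which these lines do not show. Either state that requirement in the comment above getpkt, or, if a caller may pass exactly PBUFSIZ bytes, stop advancing at PBUFSIZ - 1 so that both the last stored byte and the terminator stay inside the buffer.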
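
Review bot: In the @@ -995,21 +998,23 @@ hunk the `if (cs.noack_mode)` branch still ends in `break;`, the same exit that `if (csum_ok && fits_in_buf) break;` takes on success, so in no-ack mode a too-long packet leaves the loop with buf holding only its truncated contents, even when the checksum matched. Consider giving the !fits_in_buf case its own failure path (for example returning -1, as the read-error paths in this function do) rather than falling through to that break. Two smaller points: the trailer "[no-ack-mode, Bad medium?]" is now printed on a separate line and also follows "Packet too long", where a bad medium is not the cause; and outside no-ack mode the too-long case is answered with the same "-" as a checksum error, which is worth a comment saying that this is intended.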