From patchwork Thu Jan 8 16:16:20 2015
X-Patchwork-Submitter: Andreas Arnez
X-Patchwork-Id: 4572
From: Andreas Arnez
To: gdb-patches@sourceware.org
Cc: jan.kratochvil@redhat.com
Subject: [PATCH] [PR corefiles/17808] i386: Fix internal error when prstatus in core file is too big
Date: Thu, 08 Jan 2015 17:16:20 +0100
Message-ID: <874ms18cyz.fsf@br87z6lw.de.ibm.com>

As reported in PR 17808, a test case with a forged (invalid) core file
can crash GDB with an assertion failure.  In that particular case the
prstatus of an i386 core file looks like that from an AMD64 core file,
i.e., it is larger than GDB would expect.

The patch replaces the assertion by a warning and skips the invalid
core file register section.  In this way it is guaranteed that no bogus
register values are read from the badly formatted section.

Note that this behavior deviates from the default policy: In general,
if some future kernel adds new registers to a register set, then a GDB
unaware of this extension would read the known subset and just ignore
the unknown bytes.

gdb/ChangeLog:

	PR corefiles/17808
	* i386-tdep.c (i386_supply_gregset): Instead of yielding an
	internal error on unexpected input buffer size, ignore the data
	and emit a warning.
---
 gdb/i386-tdep.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gdb/i386-tdep.c b/gdb/i386-tdep.c
index 7d174c4..d02aaf2 100644
--- a/gdb/i386-tdep.c
+++ b/gdb/i386-tdep.c
@@ -3727,7 +3727,12 @@ i386_supply_gregset (const struct regset *regset, struct regcache *regcache,
   const gdb_byte *regs = gregs;
   int i;
 
-  gdb_assert (len == tdep->sizeof_gregset);
+  if (len != tdep->sizeof_gregset)
+    {
+      /* Buffer has unknown size: assume wrong format. */
+      warning (_("Bad size of general register section"));
+      return;
+    }
 
   for (i = 0; i < tdep->gregset_num_regs; i++)
     {
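Review bot: the warning in the new "if (len != tdep->sizeof_gregset)" branch reports neither the size found nor the size expected, so someone triaging a forged or truncated core file only learns that something was wrong; printing len and tdep->sizeof_gregset in the message, e.g. warning (_("Bad size of general register section (%lu bytes, expected %lu)"), (unsigned long) len, (unsigned long) tdep->sizeof_gregset); would make the diagnostic actionable. The comment "Buffer has unknown size: assume wrong format." also misstates the condition: the size is known, it just does not match the expected gregset size, so "Buffer has unexpected size" would describe the check. Finally, the test rejects both shorter and longer buffers; the commit message acknowledges this as a deliberate deviation from the usual "read the known subset" policy for larger sets, so a short comment in the code saying so would spare a future reader from "fixing" it back to a "len < tdep->sizeof_gregset" check.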