From patchwork Tue May 22 23:26:21 2018
X-Patchwork-Submitter: ekurzinger@nvidia.com
X-Patchwork-Id: 27413
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Delivered-To: mailing list gdb-patches@sourceware.org
Date: Tue, 22 May 2018 16:26:21 -0700
To:
From:
Subject: Improve overflow detection in gdbserver
Message-ID: <90c408285a59434982d00986635c8da9@HQMAIL108.nvidia.com>

Hi GDB Team,

Currently, the function used by gdbserver to parse integers from received commands will detect overflow and fail for any value over 0xfffffff. Among other things, this has the effect of limiting the file offsets for reading or writing to about 268MB, which can be insufficient for particularly large libraries. This change allows the parsing of integers up to the true maximum positive value of 0x7fffffff, increasing the file size limit to about 2GB.

Note that I don't currently have a copyright assignment form on file, but your contributor guidelines state that one is not required for minor changes, so I was hoping this would qualify.

Also, just wanted to say I really appreciate the work you folks do on this awesome tool, and am glad to be able to make a contribution (however small it may be)!

Cheers,
Erik

diff --git a/gdb/gdbserver/ChangeLog b/gdb/gdbserver/ChangeLog index 5e7ea108b5..58a5f2c30c 100644 --- a/gdb/gdbserver/ChangeLog +++ b/gdb/gdbserver/ChangeLog @@ -1,3 +1,7 @@ +2018-05-18 Erik Kurzinger + * hostio.c (require_int): do not report overflow + for integers between 0xfffffff and 0x7fffffff + 2018-05-10 Joel Brobecker * lynx-i386-low.c (LYNXOS_178): New macro. diff --git a/gdb/gdbserver/hostio.c b/gdb/gdbserver/hostio.c index d2b5a71bad..c621edfef5 100644 --- a/gdb/gdbserver/hostio.c +++ b/gdb/gdbserver/hostio.c
@@ -96,22 +96,27 @@ static int require_int (char **pp, int *value) { char *p; - int count; + int count, firstdigit; p = *pp; *value = 0; count = 0; + firstdigit = -1; while (*p && *p != ',') { int nib; - /* Don't allow overflow. */ - if (count >= 7) + if (safe_fromhex (p[0], &nib)) return -1; - if (safe_fromhex (p[0], &nib)) + if (firstdigit == -1) + firstdigit = nib; + + /* Don't allow overflow. */ + if (count >= 8 || (count == 7 && firstdigit >= 0x8)) return -1; + *value = *value * 16 + nib; p++; count++;
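Review bot: the ChangeLog entry in the first hunk does not match the style of the neighbouring entry (`* lynx-i386-low.c (LYNXOS_178): New macro.`): the description should be a sentence that starts with a capital letter and ends with a period, e.g. `* hostio.c (require_int): Do not report overflow for integers between 0xfffffff and 0x7fffffff.`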
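Review bot: in the hostio.c hunk the new overflow test `if (count >= 8 || (count == 7 && firstdigit >= 0x8))` ties correctness to the digit count and the first digit rather than to the value itself, which keeps the old behaviour of rejecting zero-padded inputs (`000000001` is still refused at nine digits even though it fits an `int`) and needs the extra `firstdigit` bookkeeping. An arithmetic bound against the accumulator is simpler and handles leading zeros: before `*value = *value * 16 + nib;` check `if (*value > (INT_MAX - nib) / 16) return -1;` (with `<limits.h>`), and drop `firstdigit` and the `count` comparison. Moving `safe_fromhex` ahead of the overflow check is fine either way since both paths return -1.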
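The overflow check the message describes, as an added stand-alone example rather than gdbserver's own `require_int`: it parses the same comma-terminated hex field, but bounds the accumulator against `INT_MAX` arithmetically, so `7fffffff` is accepted, `80000000` is rejected, and leading zeros do not count against a digit limit. `parse_hex_int` and `hexval` are hypothetical names, and rejecting an empty field is a deliberate strictness not present in the patch.

```c
#include <limits.h>

/* Hypothetical helper: value of one hex digit, or -1 if not a hex digit. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse hex digits from *pp up to ',' or NUL into *value.
   Returns 0 on success and -1 on a bad digit, an empty field, or a value
   that would not fit a signed int.  On success *pp is advanced to the
   terminator, mirroring the (char **pp, int *value) convention of the
   patch.  The overflow check is done against INT_MAX before each
   multiply-add, so it is independent of how many digits were seen and
   tolerates any number of leading zeros. */
int parse_hex_int(const char **pp, int *value)
{
    const char *p = *pp;
    int v = 0;

    if (hexval(*p) < 0)           /* assumption: require at least one digit */
        return -1;

    while (*p && *p != ',') {
        int nib = hexval(*p);
        if (nib < 0)
            return -1;
        /* v * 16 + nib <= INT_MAX  is equivalent to  v <= (INT_MAX - nib) / 16,
           computed without ever forming the overflowing product. */
        if (v > (INT_MAX - nib) / 16)
            return -1;
        v = v * 16 + nib;
        p++;
    }

    *pp = p;
    *value = v;
    return 0;
}
```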