This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
[patch] [gdbserver] Fix memory corruption
- From: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- To: gdb-patches at sourceware dot org
- Date: Tue, 1 Mar 2011 22:34:28 +0100
- Subject: [patch] [gdbserver] Fix memory corruption
Hi,
gdb.server/ext-run.exp always crashes during the nightly regression tests:
info os processes
memory clobbered past end of allocated block
Remote communication error. Target disconnected.: Connection reset by peer.
(gdb) FAIL: gdb.server/ext-run.exp: get process list (pattern 1)
Probably OK to check in but I rather ask.
To make it easily reproducible one can disable try_rle() by patching it:
+return 1;
/* Don't go past '~'. */
So that putpkt_binary_1's cnt == 16383 will overrun PBUFSIZ 16384 by 4 bytes.
Thanks,
Jan
gdb/gdbserver/
2011-03-01 Jan Kratochvil <jan.kratochvil@redhat.com>
* remote-utils.c (putpkt_binary_1): Calculate BUF2 size dynamically.
--- a/gdb/gdbserver/remote-utils.c
+++ b/gdb/gdbserver/remote-utils.c
@@ -725,7 +725,7 @@ putpkt_binary_1 (char *buf, int cnt, int is_notif)
char *p;
int cc;
- buf2 = xmalloc (PBUFSIZ);
+ buf2 = xmalloc (1 + cnt + 4);
/* Copy the packet into buffer BUF2, encapsulating it
and giving it a checksum. */