authorJan Kratochvil <jan.kratochvil@redhat.com>2007-09-02 14:04:31 +0000
committerJan Kratochvil <jan.kratochvil@redhat.com>2007-09-02 14:04:31 +0000
commitd99148ef7338d24780a2ca8eed4ee228bcb1d4af (patch)
tree38339f182dfbc199e7f2ae6c4c6d5d3d444e9e91
parent4cf31eea6a6bec860ad6605dac92b53c69d1bb4e (diff)
* linux-nat.c (linux_nat_make_corefile_notes): Fixed a buffer overflow.
-rw-r--r--gdb/ChangeLog4
-rw-r--r--gdb/linux-nat.c17
2 files changed, 18 insertions, 3 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index c2fbbba..d1777a0 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,7 @@
+2007-09-02 Jan Kratochvil <jan.kratochvil@redhat.com>
+
+ * linux-nat.c (linux_nat_make_corefile_notes): Fixed a buffer overflow.
+
2007-09-01 Jan Kratochvil <jan.kratochvil@redhat.com>
* Makefile.in (symfile.o): Update dependencies.
diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
index 128e83f..90b8a3b 100644
--- a/gdb/linux-nat.c
+++ b/gdb/linux-nat.c
@@ -2686,7 +2686,9 @@ linux_nat_make_corefile_notes (bfd *obfd, int *note_size)
{
struct linux_nat_corefile_thread_data thread_args;
struct cleanup *old_chain;
+ /* The variable size must be >= sizeof (prpsinfo_t.pr_fname). */
char fname[16] = { '\0' };
+ /* The variable size must be >= sizeof (prpsinfo_t.pr_psargs). */
char psargs[80] = { '\0' };
char *note_data = NULL;
ptid_t current_ptid = inferior_ptid;
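Review bot: The size requirement on `fname` and `psargs` is stated only in the two added comments, while the literals 16 and 80 stay hard-coded, so nothing fails at build or run time if the prpsinfo_t field sizes differ on some target. This matters more after this commit, because the second hunk deliberately allows `psargs` to end up without a terminating NUL, and a consumer that copies sizeof (pr_psargs) bytes would presumably read past a smaller buffer. If prpsinfo_t is visible in this file (not shown in the hunk), a check such as `gdb_assert (sizeof (psargs) >= sizeof (((prpsinfo_t *) 0)->pr_psargs));`, with the same for `fname`, would turn the comment into an enforced invariant. The function body continues outside this hunk.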
@@ -2699,9 +2701,18 @@ linux_nat_make_corefile_notes (bfd *obfd, int *note_size)
strncpy (psargs, get_exec_file (0), sizeof (psargs));
if (get_inferior_args ())
{
- strncat (psargs, " ", sizeof (psargs) - strlen (psargs));
- strncat (psargs, get_inferior_args (),
- sizeof (psargs) - strlen (psargs));
+ char *string_end;
+ char *psargs_end = psargs + sizeof (psargs);
+
+ /* linux_elfcore_write_prpsinfo () handles zero unterminated
+ strings fine. */
+ string_end = memchr (psargs, 0, sizeof (psargs));
+ if (string_end != NULL)
+ {
+ *string_end++ = ' ';
+ strncpy (string_end, get_inferior_args (),
+ psargs_end - string_end);
+ }
}
note_data = (char *) elfcore_write_prpsinfo (obfd,
note_data,
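Review bot: The comment above the `memchr` call names `linux_elfcore_write_prpsinfo ()`, but the call visible at the end of this hunk is `elfcore_write_prpsinfo`, so the comment does not point at the function that actually has to tolerate an unterminated `psargs`, and it does not say why that is safe. Both `strncpy` calls can fill the array without writing a NUL, so the memory safety of this code rests entirely on the callee bounding its read by the field size. I would reword the comment along the lines of `/* PSARGS may be left without a terminating NUL; elfcore_write_prpsinfo must copy at most sizeof (pr_psargs) bytes from it. */`. Any later use of `psargs` as a C string in the rest of the function, which runs past this hunk, would need the same care.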