diff options
author | Simon Marchi <simon.marchi@polymtl.ca> | 2020-10-21 10:41:12 -0400 |
---|---|---|
committer | Simon Marchi <simon.marchi@efficios.com> | 2020-10-21 10:42:26 -0400 |
commit | 4dbe16c8115cd9820cadba5300cbfe04f518269f (patch) | |
tree | c6dabfbf2056f7b0049bb28bceb13bbd85ae7e0b | |
parent | 98cec4f6a27679709d7ae2ce7ee25af50866f604 (diff) | |
download | gdb-4dbe16c8115cd9820cadba5300cbfe04f518269f.zip gdb-4dbe16c8115cd9820cadba5300cbfe04f518269f.tar.gz gdb-4dbe16c8115cd9820cadba5300cbfe04f518269f.tar.bz2 |
gdbserver: fix overlap in sprintf argument and buffer
While trying to build on Cygwin (gcc 10.2.0), I got:
CXX server.o
/home/Baube/src/binutils-gdb/gdbserver/server.cc: In function 'void handle_general_set(char*)':
/home/Baube/src/binutils-gdb/gdbserver/server.cc:832:12: error: 'sprintf' argument 3 overlaps destination object 'own_buf' [-Werror=restrict]
832 | sprintf (own_buf, "E.Unknown thread-events mode requested: %s\n",
| ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
833 | mode);
| ~~~~~
/home/Baube/src/binutils-gdb/gdbserver/server.cc:553:27: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
553 | handle_general_set (char *own_buf)
| ~~~~~~^~~~~~~
There is indeed a problem: mode points somewhere into own_buf. And by
the time mode gets formatted as a %s, whatever it points to has been
overwritten. I hacked gdbserver to coerce it into that error path, and
this is the resulting message:
(gdb) p own_buf
$1 = 0x629000000200 "E.Unknown thread-events mode requested: ad-events mode requested: 00;10:9020fdf7ff7f0000;thread:p49388.49388;core:e;\n"
Fix it by formatting the error string in an std::string first.
gdbserver/ChangeLog:
* server.cc (handle_general_set): Don't use sprintf with
argument overlapping buffer.
Change-Id: I4fdf05c0117f63739413dd67ddae7bd6ee414824
-rw-r--r-- | gdbserver/ChangeLog | 5 | ||||
-rw-r--r-- | gdbserver/server.cc | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/gdbserver/ChangeLog b/gdbserver/ChangeLog index fd0a4bf..b1628cd 100644 --- a/gdbserver/ChangeLog +++ b/gdbserver/ChangeLog @@ -1,3 +1,8 @@ +2020-10-21 Simon Marchi <simon.marchi@polymtl.ca> + + * server.cc (handle_general_set): Don't use sprintf with + argument overlapping buffer. + 2020-10-20 Tom Tromey <tromey@adacore.com> PR gdb/26742: diff --git a/gdbserver/server.cc b/gdbserver/server.cc index 4a211a4..1601453 100644 --- a/gdbserver/server.cc +++ b/gdbserver/server.cc @@ -829,8 +829,10 @@ handle_general_set (char *own_buf) else { /* We don't know what this mode is, so complain to GDB. */ - sprintf (own_buf, "E.Unknown thread-events mode requested: %s\n", - mode); + std::string err + = string_printf ("E.Unknown thread-events mode requested: %s\n", + mode); + strcpy (own_buf, err.c_str ()); return; } |