author | Tom de Vries <tdevries@suse.de> | 2024-10-30 13:30:51 +0100 |
---|---|---|
committer | Tom de Vries <tdevries@suse.de> | 2024-10-30 13:30:51 +0100 |
commit | 35d53ce6429a5e822aff29803956eb008775ef15 (patch) | |
tree | 7e6dd2bdc05a645e412d0066c1f9e1eacee1cf68 /gdb/testsuite/gdb.python/python.c | |
parent | 5330d85af1dbf48156a35f3908571ba57aae5304 (diff) | |
[gdb/tdep] Use std::array in amd64-windows-tdep.c
I noticed commit 84786372e1c ("Fix size of register buffer") fixing a
stack-buffer-overflow found by AddressSanitizer in
amd64_windows_store_arg_in_reg:
...
- gdb_byte buf[8];
+ gdb_byte buf[16];
...
and wondered if we could have found this without AddressSanitizer.
I realized that the problem is that this:
...
gdb_byte buf[N];
...
regcache->cooked_write (regno, buf);
...
is using the deprecated variant of cooked_write instead of the one using
gdb::array_view:
...
/* Transfer of pseudo-registers. */
void cooked_write (int regnum, gdb::array_view<const gdb_byte> src);
/* Deprecated overload of the above. */
void cooked_write (int regnum, const gdb_byte *src);
...
and consequently cooked_write does not know the size of buf.
Fix this by using std::array, and likewise in other places in
gdb/amd64-windows-tdep.c.
In the process I fixed another out-of-bounds access here:
...
gdb_byte imm16[2];
...
cache->prev_sp = cur_sp
+ extract_unsigned_integer (imm16, 4, byte_order);
...
where we're reading 4 bytes from the 2-byte buffer imm16.
Tested by rebuilding on x86_64-linux.
Tested-By: Hannes Domani <ssbssa@yahoo.de>
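As an added illustration, not GDB's code and not part of this commit, a minimal size-carrying view in the spirit of gdb::array_view shows why the std::array overload can reject an 8-byte buffer written to a 16-byte register while the raw-pointer overload cannot, and how taking the length from the view leaves no room for the mismatched `4` passed for the 2-byte imm16. The register numbering, sizes and the `regcache` model below are constructed stand-ins, not GDB's.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

using gdb_byte = std::uint8_t;
// Stand-in for gdb::array_view (constructed, not GDB's type): a pointer
// that carries its length, taken from the std::array it is built from.
template <typename T>
struct array_view {
  const T *data;
  std::size_t size;
  template <std::size_t N>
  array_view(const std::array<T, N> &a) : data(a.data()), size(N) {}
};

// Constructed register model, not GDB's numbering: regnums 0..15 are
// 8-byte general registers, 16..31 are 16-byte vector registers.
constexpr int kNumRegs = 32;
constexpr std::size_t register_size(int regnum) { return regnum < 16 ? 8 : 16; }

struct regcache {
  std::array<gdb_byte, kNumRegs * 16> storage{};

  // Size-aware overload: a source buffer whose length does not match the
  // register is rejected instead of being read past its end.
  bool cooked_write(int regnum, array_view<gdb_byte> src) {
    if (regnum < 0 || regnum >= kNumRegs || src.size != register_size(regnum))
      return false;
    std::memcpy(&storage[regnum * 16], src.data, src.size);
    return true;
  }

  // Deprecated-style overload: only a pointer arrives, so a caller's 8-byte
  // buffer written to a 16-byte register cannot be detected here.
  bool cooked_write(int regnum, const gdb_byte *src) {
    if (regnum < 0 || regnum >= kNumRegs) return false;
    std::memcpy(&storage[regnum * 16], src, register_size(regnum));
    return true;
  }
};

// The length comes from the view, so there is no separate length argument
// that can disagree with the buffer (the "4" passed for the 2-byte imm16).
std::uint64_t extract_unsigned_integer(array_view<gdb_byte> buf, bool big_endian) {
  std::uint64_t v = 0;
  for (std::size_t i = 0; i < buf.size; ++i)
    v = (v << 8) | buf.data[big_endian ? i : buf.size - 1 - i];
  return v;
}
```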
Diffstat (limited to 'gdb/testsuite/gdb.python/python.c')
0 files changed, 0 insertions, 0 deletions