author | Markus Armbruster <armbru@redhat.com> | 2019-05-14 20:03:08 +0200 |
---|---|---|
committer | Markus Armbruster <armbru@redhat.com> | 2019-05-22 15:00:04 +0200 |
commit | 046aba169bc21c08823cfbe8d4f3b4ad116ac676 (patch) | |
tree | 6bd2f82bad17e551ec649f801859324225cc37e2 /gdbstub.c | |
parent | d18dc3af478664b1d5e0dd3ace1eabb9d160f244 (diff) | |
download | qemu-046aba169bc21c08823cfbe8d4f3b4ad116ac676.zip qemu-046aba169bc21c08823cfbe8d4f3b4ad116ac676.tar.gz qemu-046aba169bc21c08823cfbe8d4f3b4ad116ac676.tar.bz2 |
gdbstub: Reject invalid RLE repeat counts
"Debugging with GDB / Appendix E GDB Remote Serial Protocol / Overview" specifies "The printable characters '#' and '$' or with a numeric value greater than 126 must not be used." gdb_read_byte() only rejects values < 32. This is wrong. Impact depends on the caller:

* gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and '\127'.
* gdb_chr_receive() passes a uint8_t. Additionally accepts characters with the most-significant bit set.

Correct the validity check to match the specification.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190514180311.16028-4-armbru@redhat.com>
Diffstat (limited to 'gdbstub.c')
-rw-r--r-- | gdbstub.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -2064,7 +2064,11 @@ static void gdb_read_byte(GDBState *s, int ch) } break; case RS_GETLINE_RLE: - if (ch < ' ') { + /* + * Run-length encoding is explained in "Debugging with GDB / + * Appendix E GDB Remote Serial Protocol / Overview". + */ + if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) { /* invalid RLE count encoding */ trace_gdbstub_err_invalid_repeat((uint8_t)ch); s->state = RS_GETLINE; |
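Review bot: The new condition `ch < ' ' || ch == '#' || ch == '$' || ch > 126` is correct for both callers named in the commit message because `gdb_read_byte()` takes `ch` as an `int`: a `uint8_t` from gdb_chr_receive() with the high bit set is rejected by `ch > 126`, and a `char` from gdb_handlesig() with the high bit set is rejected either by `ch < ' '` (where char is signed, it arrives negative) or by `ch > 126` (where char is unsigned). Two small suggestions for the comment block added above the check: state the accepted range explicitly (32..126, excluding '#' and '$') so a reader can verify the four comparisons without opening the manual, and say that this byte is the RLE repeat count so the "invalid RLE count encoding" comment and the `trace_gdbstub_err_invalid_repeat((uint8_t)ch)` call are read as one unit.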