path: root/gdbstub.c
authorMarkus Armbruster <armbru@redhat.com>2019-05-14 20:03:08 +0200
committerMarkus Armbruster <armbru@redhat.com>2019-05-22 15:00:04 +0200
commit046aba169bc21c08823cfbe8d4f3b4ad116ac676 (patch)
tree6bd2f82bad17e551ec649f801859324225cc37e2 /gdbstub.c
parentd18dc3af478664b1d5e0dd3ace1eabb9d160f244 (diff)
gdbstub: Reject invalid RLE repeat counts
"Debugging with GDB / Appendix E GDB Remote Serial Protocol / Overview" specifies "The printable characters '#' and '$' or with a numeric value greater than 126 must not be used."

gdb_read_byte() only rejects values < 32. This is wrong. Impact depends on the caller:

* gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and the value 127 (DEL).

* gdb_chr_receive() passes an uint8_t. Additionally accepts characters with the most-significant bit set.

Correct the validity check to match the specification.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190514180311.16028-4-armbru@redhat.com>
Diffstat (limited to 'gdbstub.c')
-rw-r--r--gdbstub.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/gdbstub.c b/gdbstub.c
index d54abd1..c41eb1d 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -2064,7 +2064,11 @@ static void gdb_read_byte(GDBState *s, int ch)
}
break;
case RS_GETLINE_RLE:
- if (ch < ' ') {
+ /*
+ * Run-length encoding is explained in "Debugging with GDB /
+ * Appendix E GDB Remote Serial Protocol / Overview".
+ */
+ if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
/* invalid RLE count encoding */
trace_gdbstub_err_invalid_repeat((uint8_t)ch);
s->state = RS_GETLINE;
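Review bot: The upper bound of the new check is written as the bare number 126 while the lower bound uses the character literal ' ', so a reader has to know that 126 is '~', the last printable ASCII character; writing it as `if (ch < ' ' || ch == '#' || ch == '$' || ch > '~') {` keeps both ends of the range in the same notation and makes the "printable ASCII" intent visible. The comment above the check could also state the derived rule instead of only pointing at the manual, e.g. `/* A repeat count must be a printable ASCII character (' '..'~') other than '#' and '$'. */`. Note that gdb_read_byte() begins before this hunk and the branch that turns an accepted ch into a repeat length continues after it, so whether that length is still bounded against the line buffer cannot be judged from what is visible here.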