This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
[patch gdb]: Fix PR gdb/15161 part 2 of 3
- From: Kai Tietz <ktietz70 at googlemail dot com>
- To: gdb-patches at sourceware dot org
- Date: Tue, 19 Feb 2013 18:19:08 +0100
- Subject: [patch gdb]: Fix PR gdb/15161 part 2 of 3
Hi,
This patch fixes part two of the PR gdb/15161 issue in the monitor.c file.
It additionally fixes a potential buffer overflow by using sscanf.
ChangeLog
2013-02-19 Kai Tietz <ktietz@redhat.com>
PR gdb/15161
* monitor.c (monitor_load): Replace sscanf code for parsing
arguments.
OK to apply?
Regards,
Kai
Index: monitor.c
===================================================================
RCS file: /cvs/src/src/gdb/monitor.c,v
retrieving revision 1.113
diff -p -u -r1.113 monitor.c
--- monitor.c 1 Jan 2013 06:32:47 -0000 1.113
+++ monitor.c 19 Feb 2013 16:52:50 -0000
@@ -2184,15 +2184,33 @@ monitor_load (char *file, int from_tty)
else
{ /* The default is ascii S-records. */
int n;
- unsigned long load_offset;
- char buf[128];
+ CORE_ADDR load_offset = 0;
+ char buf[128], *pb, *d = buf;
/* Enable user to specify address for downloading as 2nd arg to load. */
- n = sscanf (file, "%s 0x%lx", buf, &load_offset);
- if (n > 1)
- file = buf;
- else
- load_offset = 0;
+ pb = file;
+ n = 0;
+ /* Read until first space. */
+ while (*pb != 0 && *pb != 0x20)
+ {
+ if (n < 127)
+ {
+ *d++ = *pb++;
+ ++n;
+ }
+ else
+ ++pb;
+ }
+ *d = 0;
+
+ while (isspace (pb[0])
+ ++pb;
+
+ if (*pb != 0)
+ {
+ load_offset = (CORE_ADDR) strtoulst (pb, NULL, 0);
+ file = buf;
+ }
monitor_printf (current_monitor->load);
if (current_monitor->loadresp)
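Review bot: The added `while (isspace (pb[0])` is missing its closing parenthesis, so the hunk does not compile as posted; it should read `while (isspace ((unsigned char) pb[0]))`, with the cast because passing a plain char that may be negative to isspace is undefined. The copy loop stops only on 0x20 while the skip loop uses isspace, so a tab between the file name and the offset ends up inside buf; using the same test in both loops would avoid that. When the name is longer than 127 characters the copy is silently truncated, and if an offset follows, `file = buf` then loads a different path than the one the user typed; raising an error there would be safer than continuing. Finally, strtoulst is called with a NULL trailer and base 0, so trailing garbage after the number is accepted and the 0x prefix the old sscanf format required is no longer enforced; passing a trailer pointer and checking that it reaches the end of the string would catch malformed offsets.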