Created attachment 15102 [details]
Python3 script used to trigger the bug

Hello GDB developers,

During a debug session with IDA Pro 7.7 in conjunction with gdbserver running on Debian, I encountered a crash while IDA was trying to reconnect to the remote debugger. I reproduced exactly all the "GDB serial protocol" commands that I sent to gdbserver using a Python script, and the only error I got was SIGPIPE. I noticed that adding a sleep between the commands resulted in the same crash mentioned above. After a little bit of trial and error I found that the combination of commands resulting in SEGFAULT was:

1) "+" --> (sleep one second after the response)
2) "QStartNoAckMode" --> (sleep one second after the response)
3) "%" --> (sleep one second after the response; the string sent can be anything)

I was running gdbserver in my local network using "gdbserver localhost:23946 ~/Desktop/binary". The version of gdbserver is GNU gdbserver (Debian 13.2-1) 13.2, and gdbserver was configured as "x86_64-linux-gnu".

Usually, if the commands are not sent with the right timing, the only error raised is SIGPIPE and the program keeps running.

I found out that there is a read out of bounds during the call of readchar (gdbserver/remote-utils.cc:847). The variable readchar_bufcnt is decremented, leading to a backward stack read out of bounds causing a SEGMENTATION FAULT. I have no clue why the inputs bypass the checks and start to read the stack. If readchar_bufcnt < 0 in readchar (gdbserver/remote-utils.cc:847), it would return -1.

gdbserver is installed using the package manager (sudo apt install gdbserver). I compiled the program with symbols and I got the same issue.

Thank you for your attention and support.
Vincenzo Cantatore
Gianluca Parisi
Vincenzo Turturro
(M0NT3C4RL0 Team)

-- System Information:
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.3
Codename: kali-rolling
Architecture: x86_64
Kernel: Linux 5.10.0-kali3-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gdbserver depends on:
ii  libc6       2.37-6
ii  libgcc-s1   13.1.0-6
ii  libstdc++6  13.1.0-6

gdbserver recommends no packages.
gdbserver suggests no packages.

-- no debconf information
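As an added illustration that is not part of this report and not gdbserver's own source: a simplified C model of a buffered character reader. The names readchar_buf, readchar_bufcnt and readchar_bufp are borrowed from the report, but the buffering logic, the refill helper and the sample bytes are hypothetical stand-ins. It places the unchecked decrement (the shape of defect the report describes) beside a guarded reader that returns -1 once the buffer is exhausted, which is the check the reporter proposes.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a gdbserver-style buffered character reader.
 * Added example: the variable names mirror the report, the logic is a
 * hypothetical stand-in for the real remote-utils.cc code. */

#define READCHAR_BUFSIZE 8

static unsigned char readchar_buf[READCHAR_BUFSIZE];
static int readchar_bufcnt;            /* bytes still unread in readchar_buf */
static unsigned char *readchar_bufp;   /* next unread byte */

/* Load a constructed payload into the buffer, as if a socket read had
 * returned it. Anything longer than the buffer is truncated. */
static void refill_from(const unsigned char *data, int len)
{
    if (len > READCHAR_BUFSIZE)
        len = READCHAR_BUFSIZE;
    memcpy(readchar_buf, data, len);
    readchar_bufcnt = len;
    readchar_bufp = readchar_buf;
}

/* Defective shape: the counter is decremented and the pointer advanced
 * without checking that a byte is actually left. Once readchar_bufcnt
 * goes negative every further call reads outside readchar_buf, which is
 * the out-of-bounds read the report describes. Only safe to call while
 * readchar_bufcnt > 0. */
int readchar_unchecked(void)
{
    readchar_bufcnt--;
    return *readchar_bufp++;
}

/* Hardened shape: refuse to read when the buffer is exhausted and hand
 * -1 back to the caller, which must then refill the buffer or tear the
 * connection down instead of walking off the end of the array. */
int readchar_checked(void)
{
    if (readchar_bufcnt <= 0)
        return -1;
    readchar_bufcnt--;
    return *readchar_bufp++;
}

/* Try to read up to n characters with the guarded reader; returns how
 * many real bytes were obtained before -1 stopped the loop. */
int drain_checked(int n)
{
    int got = 0;
    for (int i = 0; i < n; i++) {
        if (readchar_checked() < 0)
            break;
        got++;
    }
    return got;
}

int main(void)
{
    /* Constructed sample bytes: an ack followed by the start of a packet. */
    const unsigned char sample[] = "+$QS";
    refill_from(sample, 4);
    printf("first byte: %c\n", readchar_unchecked());   /* in bounds here */
    int rest = drain_checked(10);                        /* asks for more than is buffered */
    printf("drained %d more bytes, counter now %d\n", rest, readchar_bufcnt);
    return 0;
}
```

The guarded reader keeps readchar_bufcnt from ever going below zero; a caller that loops on it sees -1 exactly when the buffer runs dry, regardless of how the remote side times its packets.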