This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[COMMIT PATCH] remote: Map invalid signal numbers to GDB_SIGNAL_UNKNOWN.

From: Pedro Alves <palves at redhat dot com>
To: gdb-patches at sourceware dot org
Date: Tue, 22 Oct 2013 15:08:43 +0100
Subject: [COMMIT PATCH] remote: Map invalid signal numbers to GDB_SIGNAL_UNKNOWN.
Authentication-results: sourceware.org; auth=none

I realized that remote.c is not validating input here.  Currently, if
a remote stub sends in an invalid signal number (or put another way,
if a future stub sends a new signal an old GDB doesn't know about),
GDB will do out of bounds accesses in the
signal_pass/signal_stop/signal_program arrays.  It'll probably be a
long while before we add another signal number (and buggy stubs should
just be fixed), but can't hurt to be defensive.

Tested on x86_64 Fedora 17, native gdbserver.

gdb/
2013-10-22  Pedro Alves  <palves@redhat.com>

	* remote.c (remote_parse_stop_reply) <'T'/'S'/'X' replies>: Map
	invalid signal numbers to GDB_SIGNAL_UNKNOWN.
---
 gdb/remote.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/gdb/remote.c b/gdb/remote.c
index a2e8a01..7d8a4de 100644
--- a/gdb/remote.c
+++ b/gdb/remote.c
@@ -5720,9 +5720,16 @@ Packet: '%s'\n"),
 
       /* fall through */
     case 'S':		/* Old style status, just signal only.  */
-      event->ws.kind = TARGET_WAITKIND_STOPPED;
-      event->ws.value.sig = (enum gdb_signal)
-	(((fromhex (buf[1])) << 4) + (fromhex (buf[2])));
+      {
+	int sig;
+
+	event->ws.kind = TARGET_WAITKIND_STOPPED;
+	sig = (fromhex (buf[1]) << 4) + fromhex (buf[2]);
+	if (GDB_SIGNAL_FIRST <= sig && sig < GDB_SIGNAL_LAST)
+	  event->ws.value.sig = (enum gdb_signal) sig;
+	else
+	  event->ws.value.sig = GDB_SIGNAL_UNKNOWN;
+      }
       break;
     case 'W':		/* Target exited.  */
     case 'X':
@@ -5746,7 +5753,10 @@ Packet: '%s'\n"),
 	  {
 	    /* The remote process exited with a signal.  */
 	    event->ws.kind = TARGET_WAITKIND_SIGNALLED;
-	    event->ws.value.sig = (enum gdb_signal) value;
+	    if (GDB_SIGNAL_FIRST <= value && value < GDB_SIGNAL_LAST)
+	      event->ws.value.sig = (enum gdb_signal) value;
+	    else
+	      event->ws.value.sig = GDB_SIGNAL_UNKNOWN;
 	  }
 
 	/* If no process is specified, assume inferior_ptid.  */
-- 
1.7.11.7

Follow-Ups:
- Re: [COMMIT PATCH] remote: Map invalid signal numbers to GDB_SIGNAL_UNKNOWN.
  - From: Tom Tromey

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]