This is the mail archive of the gdb-patches@sourceware.cygnus.com mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: [PATCH] update: minor fixes in remote.c


Philippe GIACINTI wrote:

> @@ -3439,7 +3439,8 @@
>        int todo;
>        int i;
> 
> -      todo = min (len, max_buf_size / 2);      /* num bytes that will fit */
> +      todo = min (len, max_buf_size / 2 - 2);  /* num bytes that will fit */
> +      /* -2 for leading $ and trailing # + checksum (2 hex chars) */
> 
>        /* construct "m"<memaddr>","<len>" */
>        /* sprintf (buf, "m%lx,%x", (unsigned long) memaddr, todo); */
> 
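Review bot: the comment on the second `+` line gives the correction in characters ("leading $ and trailing # + checksum (2 hex chars)", four characters in all) while the `- 2` it explains is in bytes, since `todo` counts bytes and each byte occupies two characters of `max_buf_size`; write it as "-2 bytes (4 chars: $, #, and the 2-digit checksum)" so the next reader does not take it as reserving two characters for four. The comment also trails the assignment it explains; the existing comment sits on the `todo = ...` line itself, so the new one belongs above that line rather than below it. The premise that those four characters occupy the packet buffer is exactly what the reply questions, so the change wants a trace or test case showing the overflow before it goes in.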
> If the host side needs to read for example 500 bytes and assuming that the
> maximum buffer size is 400 chars, then without the fix, the remote side will
> be asked to send min (500, 400/2)=200 bytes, its answer will then be:
>    $ ... 200 hex encoded bytes = 400 chars #CS = 400 + 4 chars which is greater
> than the max buffer size and will lead to an error from the host side.
> So we need to subtract 4 chars (i.e.: 2 hex encoded bytes) from requested
> number of bytes.

I'm still not sure that there is a problem here (I'm not saying that
there isn't though).  Several changes late last year and the testsuite
addition remote.exp addressed/tested many of the buffer overflow
problems that were lingering in that code.

Do you have a debug session or test case that demonstrates the problem?

One thing to keep in mind is that, when receiving packets, the ``$'' and
``#NN'' are not included in the size of incoming packets as the remote
code does not use the packet buffer for those characters.

	Andrew
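
An added worked example, not GDB's own remote.c code and not part of this
thread, that frames packets the way the protocol does ("$<payload>#NN",
checksum modulo 256) and sizes the "m" request both the original way and the
patched way, so the 400-character case above can be checked by hand. The
buffer size, the address and the memory contents are constructed for
illustration; whether the receiver stores the framing characters in the
packet buffer is a parameter, since that is the point in dispute.

```c
/* Added example, not code from GDB's remote.c: frames remote-protocol
   packets as "$<payload>#NN" and sizes an "m" memory-read request
   against a receive buffer, to make the arithmetic in the thread
   concrete.  Buffer sizes, the address and the memory contents below
   are constructed for illustration. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Protocol checksum: the payload bytes between '$' and '#', summed
   modulo 256 and sent as two hex digits. */
static unsigned rsp_checksum (const char *payload, size_t len)
{
  unsigned sum = 0;
  for (size_t i = 0; i < len; i++)
    sum += (unsigned char) payload[i];
  return sum & 0xff;
}

/* Write "$<payload>#NN" into OUT.  Returns the framed length (without
   the NUL), or 0 if OUT cannot hold it. */
static size_t rsp_frame (const char *payload, size_t len, char *out, size_t outsz)
{
  if (outsz < len + 5)               /* '$' + payload + '#' + NN + NUL */
    return 0;
  out[0] = '$';
  memcpy (out + 1, payload, len);
  sprintf (out + 1 + len, "#%02x", rsp_checksum (payload, len));
  return len + 4;
}

/* Bytes the host asks for in one "m" packet when its receive buffer
   holds MAX_BUF_SIZE characters.  Every byte comes back as two hex
   characters.  PATCHED selects the proposed "- 2" (two bytes, i.e. the
   four framing characters) over the original "max_buf_size / 2". */
static int request_size (int len, int max_buf_size, int patched)
{
  int todo = max_buf_size / 2 - (patched ? 2 : 0);
  return len < todo ? len : todo;
}

/* Whether a reply carrying TODO bytes fits.  FRAMING_STORED is nonzero
   when the receiver keeps '$', '#' and the checksum in the same buffer
   (the assumption behind the patch) and zero when it consumes them
   before filling the buffer (the behaviour the reply describes). */
static int reply_fits (int todo, int max_buf_size, int framing_stored)
{
  int stored = 2 * todo + (framing_stored ? 4 : 0);
  return stored <= max_buf_size;
}

/* Host side: build "m<addr>,<todo>" (the sprintf shown in the hunk) and
   frame it.  Returns 1 if the result equals EXPECTED. */
static int m_request_matches (unsigned long addr, int todo, const char *expected)
{
  char payload[32], pkt[64];
  int n = sprintf (payload, "m%lx,%x", addr, todo);
  if (n <= 0 || rsp_frame (payload, (size_t) n, pkt, sizeof pkt) == 0)
    return 0;
  return strcmp (pkt, expected) == 0;
}

/* Remote side: hex-encode TODO bytes of a constructed memory image and
   frame them.  Returns the length that arrives on the wire, or 0 if the
   fixed scratch buffers are too small. */
static size_t memory_reply_length (int todo)
{
  unsigned char mem[512];
  char payload[1030], pkt[1040];
  if (todo < 0 || (size_t) todo > sizeof mem)
    return 0;
  for (int i = 0; i < todo; i++)
    mem[i] = (unsigned char) i;        /* constructed contents */
  for (int i = 0; i < todo; i++)
    sprintf (payload + 2 * i, "%02x", (unsigned) mem[i]);
  return rsp_frame (payload, (size_t) todo * 2, pkt, sizeof pkt);
}

int main (void)
{
  int buf = 400, len = 500;
  int orig = request_size (len, buf, 0), fixed = request_size (len, buf, 1);
  printf ("original asks for %d bytes -> %zu chars on the wire, fits if framing stored: %d\n",
          orig, memory_reply_length (orig), reply_fits (orig, buf, 1));
  printf ("patched asks for %d bytes -> %zu chars on the wire, fits if framing stored: %d\n",
          fixed, memory_reply_length (fixed), reply_fits (fixed, buf, 1));
  printf ("original, framing not stored: fits = %d\n", reply_fits (orig, buf, 0));
  return 0;
}
```

Run as is: with a 400-character buffer the original code asks for 200 bytes,
whose reply is 404 characters if '$', '#' and the checksum land in the same
buffer, while the patched code asks for 198 bytes, whose reply is exactly 400
characters. If the receiver consumes the framing before it stores anything,
the 200-byte reply already fits, which is the question the reply above leaves
open.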
