[PATCH] [gdbserver] Fix overflow detection in gdbserver

[PATCH] [gdbserver] Fix overflow detection in gdbserver

[Kirill Radkin]

[-- Attachment #1: Type: text/plain, Size: 6037 bytes --]

Hi,


Recently I have encountered an issue with gdbserver not being able to send debug information from large files (> 2Gb). I found that this issue is connected with parsing offsets (integer) from vFile::pread packets. There is already a patch (https://sourceware.org/bugzilla/show_bug.cgi?id=23198) that allows to parse integers up to 0x7fffffff (32-bit integer), but it doesn't fix the problem at all, because offsets can have a off_t type which can be larger than 32-bit integer (it depends on system).

This patch allows require_int() function to parse offset up to the maximum value implied by the off_t type.


From 01117d757a0eb4f632aded4b15a06dbcccc7adf7 Mon Sep 17 00:00:00 2001
From: Kirill Radkin <kirill.radkin@syntacore.com>
Date: Mon, 13 Nov 2023 16:27:15 +0300
Subject: [PATCH] gdbserver: Fix overflow detection in gdbserver

Currently gdbserver use require_int() function to
parse offset which we get, for example, in vFile::pread
packet. This function allows integers up to 0x7fffffff,
(to fit in 32-bit int) but actually offset (for pread
system call) have a off_t type which can be larger than
32-bit.

This patch allows require_int() function to parse offset
up to the maximum value implied by the off_t type.
---
 gdb/testsuite/gdb.server/pread-offset-size.S  | 26 ++++++++++
 .../gdb.server/pread-offset-size.exp          | 47 +++++++++++++++++++
 gdbserver/hostio.cc                           | 16 +++++--
 3 files changed, 85 insertions(+), 4 deletions(-)
 create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.S
 create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.exp

diff --git a/gdb/testsuite/gdb.server/pread-offset-size.S b/gdb/testsuite/gdb.server/pread-offset-size.S
new file mode 100644
index 00000000000..31748090ac3
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.S
@@ -0,0 +1,26 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2023-2023 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+ .text
+ .globl _start
+_start:
+ .skip 3742415472
+   ret
+ .globl f
+ .type f, @function
+f:
+   ret
diff --git a/gdb/testsuite/gdb.server/pread-offset-size.exp b/gdb/testsuite/gdb.server/pread-offset-size.exp
new file mode 100644
index 00000000000..a4b648b29fc
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.exp
@@ -0,0 +1,47 @@
+# Copyright (C) 2023-2023 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+load_lib gdbserver-support.exp
+
+if {[skip_gdbserver_tests]} {
+    return
+}
+
+standard_testfile .S
+
+if { [prepare_for_testing ${testfile}.exp $testfile \
+      $srcfile {debug additional_flags=-nostdlib} ] } {
+    return -1
+}
+
+gdb_exit
+gdb_start
+
+gdb_test_no_output "set remote exec-file $binfile" \
+"set remote exec-file"
+
+# Make sure we're disconnected, in case we're testing with an
+# extended-remote board, therefore already connected.
+gdb_test "disconnect" ".*"
+
+set res [gdbserver_spawn ""]
+set gdbserver_protocol [lindex $res 0]
+set gdbserver_gdbport [lindex $res 1]
+
+gdb_test "target $gdbserver_protocol $gdbserver_gdbport" \
+"Remote debugging using .*" \
+"target $gdbserver_protocol $gdbserver_gdbport"
+
+gdb_test "break f" "Breakpoint 1.*"
diff --git a/gdbserver/hostio.cc b/gdbserver/hostio.cc
index ea70c26da0f..068771428f9 100644
--- a/gdbserver/hostio.cc
+++ b/gdbserver/hostio.cc
@@ -90,12 +90,16 @@ require_filename (char **pp, char *filename)
   return 0;
 }

+template <typename T>
 static int
-require_int (char **pp, int *value)
+require_int (char **pp, T *value)
 {
   char *p;
   int count, firstdigit;

+  /* Max count of hexadecimal digits in off_t (1 hex digit is 4 bits) */
+  int max_count = sizeof(T) * CHAR_BIT / 4;
+
   p = *pp;
   *value = 0;
   count = 0;
@@ -112,7 +116,9 @@ require_int (char **pp, int *value)
  firstdigit = nib;

       /* Don't allow overflow.  */
-      if (count >= 8 || (count == 7 && firstdigit >= 0x8))
+      if (count >= max_count || (static_cast<T>(-1) < 0
+ && count == (max_count - 1)
+ && firstdigit >= 0x8))
  return -1;

       *value = *value * 16 + nib;
@@ -344,7 +350,8 @@ handle_open (char *own_buf)
 static void
 handle_pread (char *own_buf, int *new_packet_len)
 {
-  int fd, ret, len, offset, bytes_sent;
+  int fd, ret, len, bytes_sent;
+  off_t offset;
   char *p, *data;
   static int max_reply_size = -1;

@@ -411,7 +418,8 @@ handle_pread (char *own_buf, int *new_packet_len)
 static void
 handle_pwrite (char *own_buf, int packet_len)
 {
-  int fd, ret, len, offset;
+  int fd, ret, len;
+  off_t offset;
   char *p, *data;

   p = own_buf + strlen ("vFile:pwrite:");
--
2.34.1

Re: [PATCH] [gdbserver] Fix overflow detection in gdbserver

[Simon Marchi]

On 12/21/23 03:38, Kirill Radkin wrote:
> Hi,
> 
> 
> Recently I have encountered an issue with gdbserver not being able to send debug information from large files (> 2Gb). I found that this issue is connected with parsing offsets (integer) from vFile::pread packets. There is already a patch (https://sourceware.org/bugzilla/show_bug.cgi?id=23198) that allows to parse integers up to 0x7fffffff (32-bit integer), but it doesn't fix the problem at all, because offsets can have a off_t type which can be larger than 32-bit integer (it depends on system).
> 
> This patch allows require_int() function to parse offset up to the maximum value implied by the off_t type.

Hi,

Thanks for the patch.

First, the boring stuff: I think that the patch is more than an obvious
fix, so we'll need to make sure you are covered with an FSF copyright
assignment [1].  Do you know if you (or your employer, since it looks
like you're doing this as part of your employment) are covered with one
already?

[1] https://sourceware.org/gdb/wiki/ContributionChecklist#FSF_copyright_Assignment

Then, I am unable to apply your patch with git-am.  It looks like you
copy pasted the patch in your email client, which usually gives bad
results.  Are you able to use git-send-email [2]?  This is the most
trustworthy way.

[2] https://sourceware.org/gdb/wiki/ContributionChecklist#Submitting_patches

Some comments below.

> From 01117d757a0eb4f632aded4b15a06dbcccc7adf7 Mon Sep 17 00:00:00 2001
> From: Kirill Radkin <kirill.radkin@syntacore.com>
> Date: Mon, 13 Nov 2023 16:27:15 +0300
> Subject: [PATCH] gdbserver: Fix overflow detection in gdbserver
> 
> Currently gdbserver use require_int() function to
> parse offset which we get, for example, in vFile::pread
> packet. This function allows integers up to 0x7fffffff,
> (to fit in 32-bit int) but actually offset (for pread
> system call) have a off_t type which can be larger than
> 32-bit.
> 
> This patch allows require_int() function to parse offset
> up to the maximum value implied by the off_t type.
> ---
>  gdb/testsuite/gdb.server/pread-offset-size.S  | 26 ++++++++++
>  .../gdb.server/pread-offset-size.exp          | 47 +++++++++++++++++++
>  gdbserver/hostio.cc                           | 16 +++++--
>  3 files changed, 85 insertions(+), 4 deletions(-)
>  create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.S
>  create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.exp
> 
> diff --git a/gdb/testsuite/gdb.server/pread-offset-size.S b/gdb/testsuite/gdb.server/pread-offset-size.S
> new file mode 100644
> index 00000000000..31748090ac3
> --- /dev/null
> +++ b/gdb/testsuite/gdb.server/pread-offset-size.S
> @@ -0,0 +1,26 @@
> +/* This testcase is part of GDB, the GNU debugger.
> +
> +   Copyright 2023-2023 Free Software Foundation, Inc.

Just "2023".

> +
> +   This program is free software; you can redistribute it and/or modify
> +   it under the terms of the GNU General Public License as published by
> +   the Free Software Foundation; either version 3 of the License, or
> +   (at your option) any later version.
> +
> +   This program is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +   GNU General Public License for more details.
> +
> +   You should have received a copy of the GNU General Public License
> +   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
> +
> +.text
> +.globl_start
> +_start:
> +.skip 3742415472

Does this create a sparse file on systems that support it?  I could see
it as a problem for some test environments if we create and leave a file
occupying ~4GB file in the build directory.  Well, two actually, there
will be the .o and the final executable.  Note that I don't have a
better idea on how to test this...

> +   ret
> +.globlf
> +.typef, @function
> +f:
> +   ret

Do you expect this .S file to work for all architectures?  It's simple,
but I guess that the "ret" instruction doesn't exist on all
architectures.  Can you think of a way to produce a big binary that is
not architecture-dependent at all?  Maybe produce an executable, and
then insert a large dummy section in the beginning?

> diff --git a/gdb/testsuite/gdb.server/pread-offset-size.exp b/gdb/testsuite/gdb.server/pread-offset-size.exp
> new file mode 100644
> index 00000000000..a4b648b29fc
> --- /dev/null
> +++ b/gdb/testsuite/gdb.server/pread-offset-size.exp
> @@ -0,0 +1,47 @@
> +# Copyright (C) 2023-2023 Free Software Foundation, Inc.

Just "2023".

> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 3 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program.  If not, see <http://www.gnu.org/licenses/>.
> +

Please add a short comment that explains the intention of this test.

> +load_lib gdbserver-support.exp
> +
> +if {[skip_gdbserver_tests]} {
> +    return
> +}
> +
> +standard_testfile .S
> +
> +if { [prepare_for_testing ${testfile}.exp $testfile \
> +      $srcfile {debug additional_flags=-nostdlib} ] } {
> +    return -1
> +}
> +
> +gdb_exit
> +gdb_start
> +
> +gdb_test_no_output "set remote exec-file $binfile" \
> +"set remote exec-file"
> +
> +# Make sure we're disconnected, in case we're testing with an
> +# extended-remote board, therefore already connected.
> +gdb_test "disconnect" ".*"
> +
> +set res [gdbserver_spawn ""]
> +set gdbserver_protocol [lindex $res 0]
> +set gdbserver_gdbport [lindex $res 1]
> +
> +gdb_test "target $gdbserver_protocol $gdbserver_gdbport" \
> +"Remote debugging using .*" \
> +"target $gdbserver_protocol $gdbserver_gdbport"
> +
> +gdb_test "break f" "Breakpoint 1.*"


> diff --git a/gdbserver/hostio.cc b/gdbserver/hostio.cc
> index ea70c26da0f..068771428f9 100644
> --- a/gdbserver/hostio.cc
> +++ b/gdbserver/hostio.cc
> @@ -90,12 +90,16 @@ require_filename (char **pp, char *filename)
>    return 0;
>  }
>  
> +template <typename T>
>  static int
> -require_int (char **pp, int *value)
> +require_int (char **pp, T *value)
>  {
>    char *p;
>    int count, firstdigit;
>  
> +  /* Max count of hexadecimal digits in off_t (1 hex digit is 4 bits) */
> +  int max_count = sizeof(T) * CHAR_BIT / 4;
> +
>    p = *pp;
>    *value = 0;
>    count = 0;
> @@ -112,7 +116,9 @@ require_int (char **pp, int *value)
>  firstdigit = nib;
>  
>        /* Don't allow overflow.  */
> -      if (count >= 8 || (count == 7 && firstdigit >= 0x8))
> +      if (count >= max_count || (static_cast<T>(-1) < 0
> +&& count == (max_count - 1)
> +&& firstdigit >= 0x8))
>  return -1;

I guess that the static_cast thing is to determine if the type is signed
or not?  Can you give it a name, for clarity, like (maybe there's a
better way, just an example):

  constexpr bool is_signed = static_cast<T> (-1) < 0;

Simon

Re: [PATCH] [gdbserver] Fix overflow detection in gdbserver

[Tom Tromey]

>>>>> "Simon" == Simon Marchi <simark@simark.ca> writes:

>> +      if (count >= max_count || (static_cast<T>(-1) < 0
>> +&& count == (max_count - 1)
>> +&& firstdigit >= 0x8))
>> return -1;

Simon> I guess that the static_cast thing is to determine if the type is signed
Simon> or not?  Can you give it a name, for clarity, like (maybe there's a
Simon> better way, just an example):

Simon>   constexpr bool is_signed = static_cast<T> (-1) < 0;

We also have uses of std::is_signed<> and std::is_unsigned<> in the tree
already, so just using those is probably preferable, assuming this code
does what I think it does.

Tom

[PATCH] gdbserver: Fix overflow detection in gdbserver

[Kirill Radkin]

> First, the boring stuff: I think that the patch is more than an obvious
> fix, so we'll need to make sure you are covered with an FSF copyright
> assignment [1].  Do you know if you (or your employer, since it looks
> like you're doing this as part of your employment) are covered with one
> already?

Yes, we recieved assignment on Dec 26 2022 (RT:1894351). Accepted by John Hsieh.

> Then, I am unable to apply your patch with git-am.  It looks like you
> copy pasted the patch in your email client, which usually gives bad
> results.  Are you able to use git-send-email [2]?  This is the most
> trustworthy way.

Done.

> Does this create a sparse file on systems that support it?  I could see
> it as a problem for some test environments if we create and leave a file
> occupying ~4GB file in the build directory.  Well, two actually, there
> will be the .o and the final executable.  Note that I don't have a
> better idea on how to test this...

The only way to test my patch is transferring large (>2GB) binaries.
I decided to create large binary this way.

> Do you expect this .S file to work for all architectures?  It's simple,
> but I guess that the "ret" instruction doesn't exist on all
> architectures.  Can you think of a way to produce a big binary that is
> not architecture-dependent at all?  Maybe produce an executable, and
> then insert a large dummy section in the beginning?

"ret" removed. I have simplified binary, so now it should work for all
architectures.

Currently gdbserver uses require_int() function to
parse the requested offset (in vFile::pread
packet and the like). This function allows integers up to 0x7fffffff
(to fit in 32-bit int), however the offset (for pread
system call) has an off_t type which can be larger than
32-bit.

This patch allows require_int() function to parse offset
up to the maximum value implied by the off_t type.
---
 gdb/testsuite/gdb.server/pread-offset-size.S  | 23 +++++++++
 .../gdb.server/pread-offset-size.exp          | 50 +++++++++++++++++++
 gdbserver/hostio.cc                           | 19 +++++--
 3 files changed, 88 insertions(+), 4 deletions(-)
 create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.S
 create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.exp

diff --git a/gdb/testsuite/gdb.server/pread-offset-size.S b/gdb/testsuite/gdb.server/pread-offset-size.S
new file mode 100644
index 00000000000..b07058e5550
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.S
@@ -0,0 +1,23 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2023 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+	.text
+	.globl	_start
+_start:
+	.skip 3742415472
+	.globl	f
+f:
diff --git a/gdb/testsuite/gdb.server/pread-offset-size.exp b/gdb/testsuite/gdb.server/pread-offset-size.exp
new file mode 100644
index 00000000000..221491bfa04
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.exp
@@ -0,0 +1,50 @@
+# Copyright (C) 2023 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# Test sending of large binary files (>2 GB) from gdbserver
+# (it was unavailable earlier)
+
+load_lib gdbserver-support.exp
+
+if {![allow_gdbserver_tests]} {
+    return
+}
+
+standard_testfile .S
+
+if { [prepare_for_testing ${testfile}.exp $testfile \
+      $srcfile {debug additional_flags=-nostdlib} ] } {
+    return -1
+}
+
+gdb_exit
+gdb_start
+
+gdb_test_no_output "set remote exec-file $binfile" \
+"set remote exec-file"
+
+# Make sure we're disconnected, in case we're testing with an
+# extended-remote board, therefore already connected.
+gdb_test "disconnect" ".*"
+
+set res [gdbserver_spawn ""]
+set gdbserver_protocol [lindex $res 0]
+set gdbserver_gdbport [lindex $res 1]
+
+gdb_test "target $gdbserver_protocol $gdbserver_gdbport" \
+"Remote debugging using .*" \
+"target $gdbserver_protocol $gdbserver_gdbport"
+
+gdb_test "break f" "Breakpoint 1.*"
diff --git a/gdbserver/hostio.cc b/gdbserver/hostio.cc
index ea70c26da0f..d27ec58740d 100644
--- a/gdbserver/hostio.cc
+++ b/gdbserver/hostio.cc
@@ -90,12 +90,20 @@ require_filename (char **pp, char *filename)
   return 0;
 }
 
+template <typename T>
 static int
-require_int (char **pp, int *value)
+require_int (char **pp, T *value)
 {
+  constexpr bool is_signed = std::is_signed<T>::value;
+  if (!is_signed)
+    return -1;
+
   char *p;
   int count, firstdigit;
 
+  /* Max count of hexadecimal digits in off_t (1 hex digit is 4 bits) */
+  int max_count = sizeof(T) * CHAR_BIT / 4;
+
   p = *pp;
   *value = 0;
   count = 0;
@@ -112,7 +120,8 @@ require_int (char **pp, int *value)
 	firstdigit = nib;
 
       /* Don't allow overflow.  */
-      if (count >= 8 || (count == 7 && firstdigit >= 0x8))
+      if (count >= max_count || (count == (max_count - 1)
+				 && firstdigit >= 0x8))
 	return -1;
 
       *value = *value * 16 + nib;
@@ -344,7 +353,8 @@ handle_open (char *own_buf)
 static void
 handle_pread (char *own_buf, int *new_packet_len)
 {
-  int fd, ret, len, offset, bytes_sent;
+  int fd, ret, len, bytes_sent;
+  off_t offset;
   char *p, *data;
   static int max_reply_size = -1;
 
@@ -411,7 +421,8 @@ handle_pread (char *own_buf, int *new_packet_len)
 static void
 handle_pwrite (char *own_buf, int packet_len)
 {
-  int fd, ret, len, offset;
+  int fd, ret, len;
+  off_t offset;
   char *p, *data;
 
   p = own_buf + strlen ("vFile:pwrite:");
-- 
2.34.1

Re: [PATCH] gdbserver: Fix overflow detection in gdbserver

[Tom Tromey]

>>>>> "Kirill" == Kirill Radkin <kirill.radkin@syntacore.com> writes:

Thank you for the patch.
I didn't see a reply to this one.

Kirill> +template <typename T>
Kirill>  static int
Kirill> -require_int (char **pp, int *value)
Kirill> +require_int (char **pp, T *value)
Kirill>  {
Kirill> +  constexpr bool is_signed = std::is_signed<T>::value;
Kirill> +  if (!is_signed)
Kirill> +    return -1;

I don't understand this early return.

If using an unsigned type here is intended to be invalid, then I think
that should be enforced at compile time.

Kirill> -      if (count >= 8 || (count == 7 && firstdigit >= 0x8))
Kirill> +      if (count >= max_count || (count == (max_count - 1)
Kirill> +				 && firstdigit >= 0x8))
Kirill>  	return -1;
 
However, it seems pretty simple to handle unsigned here as well.

thanks,
Tom

[PATCH v2] gdbserver: Fix overflow detection in gdbserver

[Kirill Radkin]

> I don't understand this early return.
> If using an unsigned type here is intended to be invalid, then I think
> that should be enforced at compile time.

Early return removed.

> However, it seems pretty simple to handle unsigned here as well.

Added.

Currently gdbserver uses require_int() function to
parse the requested offset (in vFile::pread
packet and the like). This function allows integers up to 0x7fffffff
(to fit in 32-bit int), however the offset (for pread
system call) has an off_t type which can be larger than
32-bit.

This patch allows require_int() function to parse offset
up to the maximum value implied by the off_t type.
---
 gdb/testsuite/gdb.server/pread-offset-size.S  | 23 +++++++++
 .../gdb.server/pread-offset-size.exp          | 50 +++++++++++++++++++
 gdbserver/hostio.cc                           | 17 +++++--
 3 files changed, 86 insertions(+), 4 deletions(-)
 create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.S
 create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.exp

diff --git a/gdb/testsuite/gdb.server/pread-offset-size.S b/gdb/testsuite/gdb.server/pread-offset-size.S
new file mode 100644
index 00000000000..b07058e5550
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.S
@@ -0,0 +1,23 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2023 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+	.text
+	.globl	_start
+_start:
+	.skip 3742415472
+	.globl	f
+f:
diff --git a/gdb/testsuite/gdb.server/pread-offset-size.exp b/gdb/testsuite/gdb.server/pread-offset-size.exp
new file mode 100644
index 00000000000..221491bfa04
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.exp
@@ -0,0 +1,50 @@
+# Copyright (C) 2023 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# Test sending of large binary files (>2 GB) from gdbserver
+# (it was unavailable earlier)
+
+load_lib gdbserver-support.exp
+
+if {![allow_gdbserver_tests]} {
+    return
+}
+
+standard_testfile .S
+
+if { [prepare_for_testing ${testfile}.exp $testfile \
+      $srcfile {debug additional_flags=-nostdlib} ] } {
+    return -1
+}
+
+gdb_exit
+gdb_start
+
+gdb_test_no_output "set remote exec-file $binfile" \
+"set remote exec-file"
+
+# Make sure we're disconnected, in case we're testing with an
+# extended-remote board, therefore already connected.
+gdb_test "disconnect" ".*"
+
+set res [gdbserver_spawn ""]
+set gdbserver_protocol [lindex $res 0]
+set gdbserver_gdbport [lindex $res 1]
+
+gdb_test "target $gdbserver_protocol $gdbserver_gdbport" \
+"Remote debugging using .*" \
+"target $gdbserver_protocol $gdbserver_gdbport"
+
+gdb_test "break f" "Breakpoint 1.*"
diff --git a/gdbserver/hostio.cc b/gdbserver/hostio.cc
index ea70c26da0f..fcee553c5a3 100644
--- a/gdbserver/hostio.cc
+++ b/gdbserver/hostio.cc
@@ -90,12 +90,18 @@ require_filename (char **pp, char *filename)
   return 0;
 }
 
+template <typename T>
 static int
-require_int (char **pp, int *value)
+require_int (char **pp, T *value)
 {
+  constexpr bool is_signed = std::is_signed<T>::value;
+
   char *p;
   int count, firstdigit;
 
+  /* Max count of hexadecimal digits in off_t (1 hex digit is 4 bits) */
+  int max_count = sizeof(T) * CHAR_BIT / 4;
+
   p = *pp;
   *value = 0;
   count = 0;
@@ -112,7 +118,8 @@ require_int (char **pp, int *value)
 	firstdigit = nib;
 
       /* Don't allow overflow.  */
-      if (count >= 8 || (count == 7 && firstdigit >= 0x8))
+      if (count >= max_count || (is_signed && count == (max_count - 1)
+				 && firstdigit >= 0x8))
 	return -1;
 
       *value = *value * 16 + nib;
@@ -344,7 +351,8 @@ handle_open (char *own_buf)
 static void
 handle_pread (char *own_buf, int *new_packet_len)
 {
-  int fd, ret, len, offset, bytes_sent;
+  int fd, ret, len, bytes_sent;
+  off_t offset;
   char *p, *data;
   static int max_reply_size = -1;
 
@@ -411,7 +419,8 @@ handle_pread (char *own_buf, int *new_packet_len)
 static void
 handle_pwrite (char *own_buf, int packet_len)
 {
-  int fd, ret, len, offset;
+  int fd, ret, len;
+  off_t offset;
   char *p, *data;
 
   p = own_buf + strlen ("vFile:pwrite:");
-- 
2.34.1