From: Kirill Radkin <kirill.radkin@syntacore.com>
To: "gdb-patches@sourceware.org" <gdb-patches@sourceware.org>
Cc: Konstantin Vladimirov <konstantin.vladimirov@syntacore.com>,
"Ivan Tetyushkin" <ivan.tetyushkin@syntacore.com>
Subject: [PATCH] [gdbserver] Fix overflow detection in gdbserver
Date: Thu, 21 Dec 2023 08:38:49 +0000 [thread overview]
Message-ID: <f4e42985699247b2ab9c2635770063d6@syntacore.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 6037 bytes --]
Hi,
Recently I have encountered an issue with gdbserver not being able to send debug information from large files (> 2Gb). I found that this issue is connected with parsing offsets (integer) from vFile::pread packets. There is already a patch (https://sourceware.org/bugzilla/show_bug.cgi?id=23198) that allows to parse integers up to 0x7fffffff (32-bit integer), but it doesn't fix the problem at all, because offsets can have a off_t type which can be larger than 32-bit integer (it depends on system).
This patch allows require_int() function to parse offset up to the maximum value implied by the off_t type.
From 01117d757a0eb4f632aded4b15a06dbcccc7adf7 Mon Sep 17 00:00:00 2001
From: Kirill Radkin <kirill.radkin@syntacore.com>
Date: Mon, 13 Nov 2023 16:27:15 +0300
Subject: [PATCH] gdbserver: Fix overflow detection in gdbserver
Currently gdbserver use require_int() function to
parse offset which we get, for example, in vFile::pread
packet. This function allows integers up to 0x7fffffff,
(to fit in 32-bit int) but actually offset (for pread
system call) have a off_t type which can be larger than
32-bit.
This patch allows require_int() function to parse offset
up to the maximum value implied by the off_t type.
---
gdb/testsuite/gdb.server/pread-offset-size.S | 26 ++++++++++
.../gdb.server/pread-offset-size.exp | 47 +++++++++++++++++++
gdbserver/hostio.cc | 16 +++++--
3 files changed, 85 insertions(+), 4 deletions(-)
create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.S
create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.exp
diff --git a/gdb/testsuite/gdb.server/pread-offset-size.S b/gdb/testsuite/gdb.server/pread-offset-size.S
new file mode 100644
index 00000000000..31748090ac3
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.S
@@ -0,0 +1,26 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+ Copyright 2023-2023 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+ .text
+ .globl _start
+_start:
+ .skip 3742415472
+ ret
+ .globl f
+ .type f, @function
+f:
+ ret
diff --git a/gdb/testsuite/gdb.server/pread-offset-size.exp b/gdb/testsuite/gdb.server/pread-offset-size.exp
new file mode 100644
index 00000000000..a4b648b29fc
--- /dev/null
+++ b/gdb/testsuite/gdb.server/pread-offset-size.exp
@@ -0,0 +1,47 @@
+# Copyright (C) 2023-2023 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+load_lib gdbserver-support.exp
+
+if {[skip_gdbserver_tests]} {
+ return
+}
+
+standard_testfile .S
+
+if { [prepare_for_testing ${testfile}.exp $testfile \
+ $srcfile {debug additional_flags=-nostdlib} ] } {
+ return -1
+}
+
+gdb_exit
+gdb_start
+
+gdb_test_no_output "set remote exec-file $binfile" \
+"set remote exec-file"
+
+# Make sure we're disconnected, in case we're testing with an
+# extended-remote board, therefore already connected.
+gdb_test "disconnect" ".*"
+
+set res [gdbserver_spawn ""]
+set gdbserver_protocol [lindex $res 0]
+set gdbserver_gdbport [lindex $res 1]
+
+gdb_test "target $gdbserver_protocol $gdbserver_gdbport" \
+"Remote debugging using .*" \
+"target $gdbserver_protocol $gdbserver_gdbport"
+
+gdb_test "break f" "Breakpoint 1.*"
diff --git a/gdbserver/hostio.cc b/gdbserver/hostio.cc
index ea70c26da0f..068771428f9 100644
--- a/gdbserver/hostio.cc
+++ b/gdbserver/hostio.cc
@@ -90,12 +90,16 @@ require_filename (char **pp, char *filename)
return 0;
}
+template <typename T>
static int
-require_int (char **pp, int *value)
+require_int (char **pp, T *value)
{
char *p;
int count, firstdigit;
+ /* Max count of hexadecimal digits in off_t (1 hex digit is 4 bits) */
+ int max_count = sizeof(T) * CHAR_BIT / 4;
+
p = *pp;
*value = 0;
count = 0;
@@ -112,7 +116,9 @@ require_int (char **pp, int *value)
firstdigit = nib;
/* Don't allow overflow. */
- if (count >= 8 || (count == 7 && firstdigit >= 0x8))
+ if (count >= max_count || (static_cast<T>(-1) < 0
+ && count == (max_count - 1)
+ && firstdigit >= 0x8))
return -1;
*value = *value * 16 + nib;
@@ -344,7 +350,8 @@ handle_open (char *own_buf)
static void
handle_pread (char *own_buf, int *new_packet_len)
{
- int fd, ret, len, offset, bytes_sent;
+ int fd, ret, len, bytes_sent;
+ off_t offset;
char *p, *data;
static int max_reply_size = -1;
@@ -411,7 +418,8 @@ handle_pread (char *own_buf, int *new_packet_len)
static void
handle_pwrite (char *own_buf, int packet_len)
{
- int fd, ret, len, offset;
+ int fd, ret, len;
+ off_t offset;
char *p, *data;
p = own_buf + strlen ("vFile:pwrite:");
--
2.34.1
next reply other threads:[~2023-12-21 8:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-21 8:38 Kirill Radkin [this message]
2023-12-21 19:42 ` Simon Marchi
2023-12-22 15:41 ` Tom Tromey
2024-01-10 14:57 ` [PATCH] gdbserver: " Kirill Radkin
2024-02-08 16:19 ` Tom Tromey
2024-02-19 14:19 ` [PATCH v2] " Kirill Radkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f4e42985699247b2ab9c2635770063d6@syntacore.com \
--to=kirill.radkin@syntacore.com \
--cc=gdb-patches@sourceware.org \
--cc=ivan.tetyushkin@syntacore.com \
--cc=konstantin.vladimirov@syntacore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).