From: Kirill Radkin
To: gdb-patches@sourceware.org
CC: Konstantin Vladimirov, Ivan Tetyushkin
Subject: [PATCH] [gdbserver] Fix overflow detection in gdbserver
Date: Thu, 21 Dec 2023 08:38:49 +0000

Hi,

Recently I have encountered an issue with gdbserver not being able to send debug information from large files (> 2Gb). I found that this issue is connected with parsing offsets (integer) from vFile::pread packets. There is already a patch (https://sourceware.org/bugzilla/show_bug.cgi?id=23198) that allows parsing integers up to 0x7fffffff (32-bit integer), but it doesn't fix the problem at all, because offsets can have an off_t type which can be larger than a 32-bit integer (it depends on the system).

This patch allows the require_int() function to parse offsets up to the maximum value implied by the off_t type.

From 01117d757a0eb4f632aded4b15a06dbcccc7adf7 Mon Sep 17 00:00:00 2001
From: Kirill Radkin Date: Mon, 13 Nov 2023 16:27:15 +0300 Subject: [PATCH] gdbserver: Fix overflow detection in gdbserver Currently gdbserver use require_int() function to parse offset which we get, for example, in vFile::pread packet. This function allows integers up to 0x7fffffff, (to fit in 32-bit int) but actually offset (for pread system call) have a off_t type which can be larger than 32-bit. This patch allows require_int() function to parse offset up to the maximum value implied by the off_t type. --- gdb/testsuite/gdb.server/pread-offset-size.S | 26 ++++++++++ .../gdb.server/pread-offset-size.exp | 47 +++++++++++++++++++ gdbserver/hostio.cc | 16 +++++-- 3 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.S create mode 100644 gdb/testsuite/gdb.server/pread-offset-size.exp diff --git a/gdb/testsuite/gdb.server/pread-offset-size.S b/gdb/testsuite/g= db.server/pread-offset-size.S new file mode 100644 index 00000000000..31748090ac3 --- /dev/null +++ b/gdb/testsuite/gdb.server/pread-offset-size.S @@ -0,0 +1,26 @@ +/* This testcase is part of GDB, the GNU debugger. + + Copyright 2023-2023 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . = */ + + .text + .globl _start +_start: + .skip 3742415472 + ret + .globl f + .type f, @function +f: + ret 
diff --git a/gdb/testsuite/gdb.server/pread-offset-size.exp b/gdb/testsuite= /gdb.server/pread-offset-size.exp new file mode 100644 index 00000000000..a4b648b29fc --- /dev/null +++ b/gdb/testsuite/gdb.server/pread-offset-size.exp @@ -0,0 +1,47 @@ +# Copyright (C) 2023-2023 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +load_lib gdbserver-support.exp + +if {[skip_gdbserver_tests]} { + return +} + +standard_testfile .S + +if { [prepare_for_testing ${testfile}.exp $testfile \ + $srcfile {debug additional_flags=3D-nostdlib} ] } { + return -1 +} + +gdb_exit +gdb_start + +gdb_test_no_output "set remote exec-file $binfile" \ +"set remote exec-file" + +# Make sure we're disconnected, in case we're testing with an +# extended-remote board, therefore already connected. +gdb_test "disconnect" ".*" + +set res [gdbserver_spawn ""] +set gdbserver_protocol [lindex $res 0] +set gdbserver_gdbport [lindex $res 1] + +gdb_test "target $gdbserver_protocol $gdbserver_gdbport" \ +"Remote debugging using .*" \ +"target $gdbserver_protocol $gdbserver_gdbport" + +gdb_test "break f" "Breakpoint 1.*" diff --git a/gdbserver/hostio.cc b/gdbserver/hostio.cc index ea70c26da0f..068771428f9 100644 --- a/gdbserver/hostio.cc +++ b/gdbserver/hostio.cc 
@@ -90,12 +90,16 @@ require_filename (char **pp, char *filename) return 0; } +template static int -require_int (char **pp, int *value) +require_int (char **pp, T *value) { char *p; int count, firstdigit; + /* Max count of hexadecimal digits in off_t (1 hex digit is 4 bits) */ + int max_count =3D sizeof(T) * CHAR_BIT / 4; + p =3D *pp; *value =3D 0; count =3D 0; @@ -112,7 +116,9 @@ require_int (char **pp, int *value) firstdigit =3D nib; /* Don't allow overflow. */ - if (count >=3D 8 || (count =3D=3D 7 && firstdigit >=3D 0x8)) + if (count >=3D max_count || (static_cast(-1) < 0 + && count =3D=3D (max_count - 1) + && firstdigit >=3D 0x8)) return -1; *value =3D *value * 16 + nib; @@ -344,7 +350,8 @@ handle_open (char *own_buf) static void handle_pread (char *own_buf, int *new_packet_len) { - int fd, ret, len, offset, bytes_sent; + int fd, ret, len, bytes_sent; + off_t offset; char *p, *data; static int max_reply_size =3D -1; @@ -411,7 +418,8 @@ handle_pread (char *own_buf, int *new_packet_len) static void handle_pwrite (char *own_buf, int packet_len) { - int fd, ret, len, offset; + int fd, ret, len; + off_t offset; char *p, *data; p =3D own_buf + strlen ("vFile:pwrite:"); -- 2.34.1 --_000_f4e42985699247b2ab9c2635770063d6syntacorecom_--
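Review bot: in the new gdb/testsuite/gdb.server/pread-offset-size.S, the `ret` mnemonics make the file architecture-specific, but nothing in the patch restricts the test to targets whose assembler accepts them, so elsewhere the build step fails instead of the test being skipped; please gate the test on the target or state the restriction. `Copyright 2023-2023` in a new file should be the single year `2023`. The `.skip 3742415472` is the whole point of the test (it pushes `f` past 2 GiB so its file offset needs more than 31 bits); a one-line comment above it saying so would help whoever next reads the file.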
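Review bot: gdb/testsuite/gdb.server/pread-offset-size.exp has no comment stating what is under test; the final `gdb_test "break f" "Breakpoint 1.*"` only checks that a breakpoint is set, so a line explaining that resolving `f` makes gdbserver serve a vFile:pread at an offset above 0x7fffffff (because `f` lies past the multi-gigabyte `.skip`) would make a future regression readable. The same `2023-2023` copyright range should be a single year. Since `prepare_for_testing` links a roughly 3.5 GB binary, consider whether the test needs a guard or at least a note about the disk space and time it consumes.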
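Review bot: in the first gdbserver/hostio.cc hunk the added line reads `template static int` with no template parameter list, so as delivered the patch does not compile; the `=3D` sequences and trailing `= ` soft breaks show the message was sent quoted-printable inside a multipart/alternative (HTML) mail, which is the likely point where `<typename T>` was lost. Please resend as plain text with `git send-email` so the patch applies cleanly. `CHAR_BIT` in `max_count = sizeof(T) * CHAR_BIT / 4` requires `<climits>` (or `<limits.h>`); make sure hostio.cc includes it. The new comment says "hexadecimal digits in off_t", but `T` is generic, so say "in T".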
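Review bot: in the `@@ -112,7 +116,9 @@` hunk the signedness test appears as `static_cast(-1) < 0` (its `<T>` evidently dropped in the mail, see the `template static int` line above); even restored, `static_cast<T>(-1) < 0` provokes -Wtype-limits ("comparison is always false") whenever the template is instantiated for an unsigned `T`. `std::is_signed<T>::value` from `<type_traits>` states the intent and is warning-free. The logic itself is a faithful generalisation of the old `count >= 8 || (count == 7 && firstdigit >= 0x8)`: with `max_count` digits it rejects anything wider than `T` and, for signed `T`, any full-width value with the top bit set, and because the check runs before `*value = *value * 16 + nib` the accumulator can never overflow.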
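Review bot: in the `handle_pread` hunk `offset` becomes `off_t` while `len` and `bytes_sent` stay `int`; only the declaration is visible here, so please confirm that the later `pread` call and any place in `handle_pread` that formats or compares `offset` (a `%d` or a comparison against an `int`) were checked for truncation. Note also that `require_int (&p, &offset)` now instantiates the template with `T = off_t`, whose width is platform-dependent: on a 32-bit host without 64-bit file offsets the limit stays at 0x7fffffff, which matches the cover letter's "depends on system" but deserves a comment.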
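Review bot: the `handle_pwrite` hunk makes the same declaration change as `handle_pread`; please confirm the `pwrite` call and any diagnostics that print `offset` use the widened type as well, since those lines are outside the hunk.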
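As an added example (my code, not gdbserver's and not part of the patch), here is the digit-count overflow rule the cover letter describes, written as a width-generic C++ parser that uses std::is_signed instead of a cast-based sign test, plus a parser for a constructed vFile:pread argument string showing that the 3742415472-byte offset from the new test is accepted only in a 64-bit type. The names parse_hex_bounded, hex32, hex64 and pread_offset are mine.

```cpp
// Added example (not gdbserver code): a width-generic hex field parser with
// the overflow rule the patch generalises.  At most sizeof(T)*CHAR_BIT/4
// digits are accepted (leading zeros count), and for signed T a full-width
// value whose first digit is 8 or above is rejected, so a 32-bit int stops
// at 0x7fffffff while a 64-bit offset accepts values past 2 GiB.
#include <climits>
#include <cstdint>
#include <type_traits>
// On success advances *pp past the digits and returns true; on an empty
// field or overflow returns false (*value is then unspecified).
template <typename T>
bool parse_hex_bounded(const char **pp, T *value)
{
  const int max_digits = sizeof(T) * CHAR_BIT / 4;
  const char *p = *pp;
  int count = 0, firstdigit = 0;
  *value = 0;
  for (;; ++p)
    {
      int nib;
      if (*p >= '0' && *p <= '9') nib = *p - '0';
      else if (*p >= 'a' && *p <= 'f') nib = *p - 'a' + 10;
      else if (*p >= 'A' && *p <= 'F') nib = *p - 'A' + 10;
      else break;
      if (count == 0) firstdigit = nib;
      // Check before multiplying so the accumulator can never wrap.
      if (count >= max_digits
          || (std::is_signed<T>::value && count == max_digits - 1
              && firstdigit >= 8))
        return false;
      *value = *value * 16 + nib;
      ++count;
    }
  if (count == 0) return false;
  *pp = p;
  return true;
}
// Helpers returning the parsed value, or -1 when the field is rejected
// (accepted values are never negative, so -1 is unambiguous).
int64_t hex32(const char *s) { int32_t v; return parse_hex_bounded(&s, &v) ? v : -1; }
int64_t hex64(const char *s) { int64_t v; return parse_hex_bounded(&s, &v) ? v : -1; }
// Parses the "fd,count,offset" triple of a constructed vFile:pread argument
// string, holding the offset in 64 bits as the patch does with off_t.
int64_t pread_offset(const char *s)
{
  int32_t fd, len; int64_t off;
  if (!parse_hex_bounded(&s, &fd) || *s++ != ',') return -1;
  if (!parse_hex_bounded(&s, &len) || *s++ != ',') return -1;
  return (parse_hex_bounded(&s, &off) && *s == '\0') ? off : -1;
}
```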