[Pdbg] [PATCH 06/14] gdbserver: fix read buffer overflow
Joel Stanley
joel at jms.id.au
Wed Mar 16 10:13:48 AEDT 2022
On Mon, 14 Mar 2022 at 04:18, Nicholas Piggin <npiggin at gmail.com> wrote:
>
> buffer gets NUL terminated so read must return max of size-1.
>
> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
> ---
> src/pdbgproxy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/pdbgproxy.c b/src/pdbgproxy.c
> index 906ed2f..78b1236 100644
> --- a/src/pdbgproxy.c
> +++ b/src/pdbgproxy.c
> @@ -388,7 +388,7 @@ static int read_from_client(int fd)
> char buffer[BUFFER_SIZE + 1];
I assume the intent of BUFFER_SIZE+1 was to allow for the null, which
would work if we read BUFFER_SIZE. But I think sizeof(buffer) - 1 is
safer. You could get rid of the +1 perhaps?
Reviewed-by: Joel Stanley <joel at jms.id.au>
> int nbytes;
>
> - nbytes = read(fd, buffer, sizeof(buffer));
> + nbytes = read(fd, buffer, sizeof(buffer) - 1);
> if (nbytes < 0) {
> perror(__FUNCTION__);
> return -1;
> --
> 2.23.0
>
> --
> Pdbg mailing list
> Pdbg at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/pdbg
More information about the Pdbg
mailing list