[Pdbg] [PATCH 06/14] gdbserver: fix read buffer overflow
Nicholas Piggin
npiggin at gmail.com
Tue Mar 29 19:52:05 AEDT 2022
Excerpts from Joel Stanley's message of March 16, 2022 9:13 am:
> On Mon, 14 Mar 2022 at 04:18, Nicholas Piggin <npiggin at gmail.com> wrote:
>>
>> buffer gets NUL terminated so read must return max of size-1.
>>
>> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
>> ---
>> src/pdbgproxy.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/src/pdbgproxy.c b/src/pdbgproxy.c
>> index 906ed2f..78b1236 100644
>> --- a/src/pdbgproxy.c
>> +++ b/src/pdbgproxy.c
>> @@ -388,7 +388,7 @@ static int read_from_client(int fd)
>> char buffer[BUFFER_SIZE + 1];
>
> I assume the intent of BUFFER_SIZE+1 was to allow for the null, which
> would work if we read BUFFER_SIZE. But I think sizeof(buffer) - 1 is
> safer. You could get rid of the +1 perhaps?
Yeah that more logically consistent. I'll change.
>
> Reviewed-by: Joel Stanley <joel at jms.id.au>
>
>
>> int nbytes;
>>
>> - nbytes = read(fd, buffer, sizeof(buffer));
>> + nbytes = read(fd, buffer, sizeof(buffer) - 1);
>> if (nbytes < 0) {
>> perror(__FUNCTION__);
>> return -1;
>> --
>> 2.23.0
>>
>> --
>> Pdbg mailing list
>> Pdbg at lists.ozlabs.org
>> https://lists.ozlabs.org/listinfo/pdbg
>
More information about the Pdbg
mailing list