From: <sv...@va...> - 2011-12-26 21:26:19
Author: philippe
Date: 2011-12-26 21:21:37 +0000 (Mon, 26 Dec 2011)
New Revision: 12319
Log:
fix 289699 vgdb connection in relay mode erroneously closed due to buffer overrun
* use PBUFSIZ+1 for buffers reading characters from gdbserver:
vgdb reads up to PBUFSIZ characters from gdbserver.
If vgdb receives a burst of packet from Valgrind gdbserver, PBUFSIZ
characters can be read. The tracing code adds a trailing \0 to
this buffer => to avoid buffer overrun, the buffers are dimensioned
with PBUFSIZ+1.
* use read_buf in function read_char, rather than directly calling read.
Modified:
trunk/NEWS
trunk/coregrind/vgdb.c
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2011-12-26 18:35:29 UTC (rev 12318)
+++ trunk/NEWS 2011-12-26 21:21:37 UTC (rev 12319)
@@ -29,8 +29,8 @@
286270 vgpreload is not friendly to 64->32 bit execs, gives ld.so warnings
286374 Running cachegrind with --branch-sim=yes on 64-bit PowerPC program fails
287858 VG_(strerror): unknown error
+289699 vgdb connection in relay mode erroneously closed due to buffer overrun
-
Release 3.7.0 (5 November 2011)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3.7.0 is a feature release with many significant improvements and the
Modified: trunk/coregrind/vgdb.c
===================================================================
--- trunk/coregrind/vgdb.c 2011-12-26 18:35:29 UTC (rev 12318)
+++ trunk/coregrind/vgdb.c 2011-12-26 21:21:37 UTC (rev 12319)
@@ -1364,7 +1364,7 @@
static
Bool read_from_gdb_write_to_pid(int to_pid)
{
- char buf[PBUFSIZ];
+ char buf[PBUFSIZ+1]; // +1 for trailing \0
int nrread;
nrread = read_buf(from_gdb, buf, "from gdb on stdin");
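Review bot: The `PBUFSIZ+1` sizing of `buf` is only safe if `read_buf` never fills more than PBUFSIZ bytes, yet this call site never tells `read_buf` the array's capacity — it passes only a description string, so the bound lives implicitly inside `read_buf` and a later change there silently re-creates the overrun fixed here. The same coupling exists in the hunks at `read_from_pid_write_to_gdb` and in the `unsigned char buf[PBUFSIZ+1]` declaration of the last hunk, whose enclosing function starts and ends outside this diff. At minimum the comment should name the contract instead of just the arithmetic, e.g. `char buf[PBUFSIZ+1]; // read_buf() fills at most PBUFSIZ bytes; +1 for the '\0' the tracing code appends` (presumably the terminator is written by the tracing path, as the log message says — confirm against read_buf). A more robust follow-up would be to give `read_buf` a `size_t` capacity parameter and pass `sizeof buf`, so the limit is checked where the write happens rather than assumed at every caller.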
@@ -1388,7 +1388,7 @@
static
Bool read_from_pid_write_to_gdb(int from_pid)
{
- char buf[PBUFSIZ];
+ char buf[PBUFSIZ+1]; // +1 for trailing \0
int nrread;
nrread = read_buf(from_pid, buf, "from pid");
@@ -1493,14 +1493,14 @@
static int
readchar (int fd)
{
- static unsigned char buf[PBUFSIZ];
+ static unsigned char buf[PBUFSIZ+1]; // +1 for trailing \0
static int bufcnt = 0;
static unsigned char *bufp;
if (bufcnt-- > 0)
return *bufp++;
- bufcnt = read (fd, buf, sizeof (buf));
+ bufcnt = read_buf (fd, buf, "static buf readchar");
if (bufcnt <= 0) {
if (bufcnt == 0) {
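Review bot: Replacing `read` with `read_buf` keeps the `bufcnt <= 0` / `bufcnt == 0` tests unchanged, which assumes `read_buf` preserves read(2)'s return convention (0 at EOF, negative on error); if `read_buf` instead folds errors into 0, exits, or retries internally, the EOF branch becomes the only one reachable and the diagnostic it prints is misleading, so its return contract should be confirmed and stated in a comment here, e.g. `bufcnt = read_buf (fd, buf, "static buf readchar"); // returns like read(2): 0 == EOF, <0 == error`. The `static` buffer now gets a tracing terminator written into it by a callee, which is worth a line on the declaration (`// +1: read_buf's tracing writes a '\0' past the data`) so the next maintainer does not drop the +1 as noise. Note also that `buf` is `unsigned char` here while the two earlier hunks pass a plain `char` array to the same function; unless `read_buf` takes `void *`, one of these call sites relies on an implicit pointer-signedness conversion that -Wpointer-sign will flag. readchar's body, including where `bufp` is rebased onto `buf` after a successful read, continues outside the hunk.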
@@ -1810,10 +1810,10 @@
if (!read_from_gdb_write_to_pid(to_pid))
shutting_down = True;
break;
- case FROM_PID:
- if (!read_from_pid_write_to_gdb(from_pid))
- shutting_down = True;
- break;
+ case FROM_PID:
+ if (!read_from_pid_write_to_gdb(from_pid))
+ shutting_down = True;
+ break;
default: XERROR(0, "unexpected POLLIN on %s\n",
ppConnectionKind(ck));
}
@@ -1874,7 +1874,7 @@
unsigned char hex[3];
unsigned char cksum;
unsigned char *hexcommand;
- unsigned char buf[PBUFSIZ];
+ unsigned char buf[PBUFSIZ+1]; // +1 for trailing \0
int buflen;
int nc;