Commit 046aba16 authored by Markus Armbruster

gdbstub: Reject invalid RLE repeat counts



"Debugging with GDB / Appendix E GDB Remote Serial Protocol /
Overview" specifies "The printable characters '#' and '$' or with a
numeric value greater than 126 must not be used."  gdb_read_byte()
only rejects values < 32.  This is wrong.  Impact depends on the caller:

* gdb_handlesig() passes a char.  Incorrectly accepts '#', '$' and
  '\127'.

* gdb_chr_receive() passes a uint8_t.  Additionally accepts
  characters with the most-significant bit set.

Correct the validity check to match the specification.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190514180311.16028-4-armbru@redhat.com>
parent d18dc3af
+5 −1
@@ -2064,7 +2064,11 @@ static void gdb_read_byte(GDBState *s, int ch)
            }
            break;
        case RS_GETLINE_RLE:
            if (ch < ' ') {
            /*
             * Run-length encoding is explained in "Debugging with GDB /
             * Appendix E GDB Remote Serial Protocol / Overview".
             */
            if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
                /* invalid RLE count encoding */
                trace_gdbstub_err_invalid_repeat((uint8_t)ch);
                s->state = RS_GETLINE;
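
Review bot: the new condition in the RS_GETLINE_RLE case mixes character literals (' ', '#', '$') with a bare 126, and the added comment only points at the manual without saying which repeat-count characters it excludes. Consider writing the upper bound as `ch > '~'` and extending the comment to state that '#', '$' and values above 126 are forbidden, so each term of the check can be read without opening the manual. Because `ch` is an int fed by callers that pass either a char or a uint8_t, it would also help to note in the comment that bytes with the most-significant bit set reach this check either as negative values or as values above 126, and that both are rejected.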