Commit 9005774b authored by Philippe Mathieu-Daudé's avatar Philippe Mathieu-Daudé Committed by Peter Maydell
Browse files

gdbstub: fix off-by-one in gdb_handle_packet() 



memtohex() adds an extra trailing NUL character.

Reported-by: AddressSanitizer
Signed-off-by: default avatarPhilippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
Message-id: 20180408145933.1149-1-f4bug@amsat.org
Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parent b2c1742d

gdbstub.c

+2 −1
Original line number Diff line number Diff line
@@ -507,6 +507,7 @@ static inline int tohex(int v) 
        return v - 10 + 'a';

}



/* writes 2*len+1 bytes in buf */

static void memtohex(char *buf, const uint8_t *mem, int len)

{

    int i, c;
@@ -999,8 +1000,8 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf) 
    const char *p;

    uint32_t thread;

    int ch, reg_size, type, res;

    char buf[MAX_PACKET_LENGTH];

    uint8_t mem_buf[MAX_PACKET_LENGTH];

    char buf[sizeof(mem_buf) + 1 /* trailing NUL */];

    uint8_t *registers;

    target_ulong addr, len;