diff options
| author | Philippe Mathieu-Daudé <f4bug@amsat.org> | 2018-04-08 11:59:33 -0300 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-04-09 14:18:39 +0100 |
| commit | 9005774b27b6aa5e1c99d80bd59d5d048c2f7077 (patch) | |
| tree | 1661fcdfa8b14b233ac003124ef8f260695dd84c /gdbstub.c | |
| parent | b2c1742da0c79dd52080260edacaf0a7b6d309e5 (diff) | |
| download | focaccia-qemu-9005774b27b6aa5e1c99d80bd59d5d048c2f7077.tar.gz focaccia-qemu-9005774b27b6aa5e1c99d80bd59d5d048c2f7077.zip | |
gdbstub: fix off-by-one in gdb_handle_packet()
memtohex() adds an extra trailing NUL character. Reported-by: AddressSanitizer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20180408145933.1149-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'gdbstub.c')
| -rw-r--r-- | gdbstub.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/gdbstub.c b/gdbstub.c index a76b2fa481..3c3807358c 100644 --- a/gdbstub.c +++ b/gdbstub.c @@ -507,6 +507,7 @@ static inline int tohex(int v) return v - 10 + 'a'; } +/* writes 2*len+1 bytes in buf */ static void memtohex(char *buf, const uint8_t *mem, int len) { int i, c; @@ -999,8 +1000,8 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf) const char *p; uint32_t thread; int ch, reg_size, type, res; - char buf[MAX_PACKET_LENGTH]; uint8_t mem_buf[MAX_PACKET_LENGTH]; + char buf[sizeof(mem_buf) + 1 /* trailing NUL */]; uint8_t *registers; target_ulong addr, len; |