blob: b766d18b518059742a56d2a737dea87fc5d5b22a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
files: 0.485
device: 0.471
socket: 0.466
register: 0.430
PID: 0.428
kernel: 0.415
ppc: 0.346
debug: 0.317
semantic: 0.316
network: 0.306
hypervisor: 0.302
performance: 0.270
architecture: 0.268
mistranslation: 0.242
TCG: 0.229
vnc: 0.214
VMM: 0.180
graphic: 0.177
boot: 0.177
permissions: 0.172
virtual: 0.169
peripherals: 0.160
risc-v: 0.152
assembly: 0.151
x86: 0.145
KVM: 0.144
arm: 0.136
user-level: 0.113
i386: 0.086
Xfer:features:read truncating xml sent to gdb frontends
Around line 1326 in gdbstub.c:
if (len > (MAX_PACKET_LENGTH - 5) / 2)
len = (MAX_PACKET_LENGTH - 5) / 2;
is truncating processor reg description xml files longer than 2045 bytes. Deleting these lines works for my immediate need, but they seem to be trying to fix some buffer overrun condition so I won't offer a patch until we understand their purpose.
On 8 July 2017 at 22:19, Duane Voth <email address hidden> wrote:
> Around line 1326 in gdbstub.c:
>
> if (len > (MAX_PACKET_LENGTH - 5) / 2)
> len = (MAX_PACKET_LENGTH - 5) / 2;
>
> is truncating processor reg description xml files longer than 2045
> bytes. Deleting these lines works for my immediate need, but they seem
> to be trying to fix some buffer overrun condition so I won't offer a
> patch until we understand their purpose.
Those lines prevent the packet we're constructing overrunning
the buf[] array (in the worst case the packet encoding could
use 2 bytes of buffer for every byte of payload). It's probably
working for you without them because (a) the XML payload doesn't
come near the worst-case and (b) buf[] is followed on the stack
by mem_buf[] which happens to be unused here so overrunning into
it has no visible harmful effects.
Truncating the XML is clearly not what we want though so we
should do something more intelligent...
thanks
-- PMM
The QEMU project is currently considering to move its bug tracking to
another system. For this we need to know which bugs are still valid
and which could be closed already. Thus we are setting older bugs to
"Incomplete" now.
If you still think this bug report here is valid, then please switch
the state back to "New" within the next 60 days, otherwise this report
will be marked as "Expired". Or please mark it as "Fix Released" if
the problem has been solved with a newer version of QEMU already.
Thank you and sorry for the inconvenience.
[Expired for QEMU because there has been no activity for 60 days.]
Problematic code now around lines 2221 (in handle_query_xfer_features) ... lol I'm the only one impacted ... all the large register set cpus can be affected.
This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/458
|