Philippe Mathieu-Daudé <phi...@redhat.com> writes: > On 4/18/19 4:53 PM, Markus Armbruster wrote: >> "Debugging with GDB / Appendix E GDB Remote Serial Protocol / >> Overview" specifies "The printable characters '#' and '$' or with a >> numeric value greater than 126 must not be used." gdb_read_byte() >> only rejects values < 32. This is wrong. Impact depends on the caller: >> >> * gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and >> '\127'. >> >> * gdb_chr_receive() passes an uint8_t. Additionally accepts >> characters with the most-significant bit set. >> >> Correct the validity check to match the specification. >> >> Signed-off-by: Markus Armbruster <arm...@redhat.com> >> --- >> gdbstub.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/gdbstub.c b/gdbstub.c >> index d54abd17cc..a6dce1b027 100644 >> --- a/gdbstub.c >> +++ b/gdbstub.c >> @@ -2064,7 +2064,7 @@ static void gdb_read_byte(GDBState *s, int ch) >> } >> break; >> case RS_GETLINE_RLE: >> - if (ch < ' ') { > > Can you add a comment referring to the ""Debugging with GDB / Appendix E > GDB Remote Serial Protocol / Overview" here?
Like this? case RS_GETLINE_RLE: /* * Run-length encoding is explained in "Debugging with GDB / * Appendix E GDB Remote Serial Protocol / Overview". */ if (ch < ' ') { > Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com> Thanks! >> + if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) { >> /* invalid RLE count encoding */ >> trace_gdbstub_err_invalid_repeat((uint8_t)ch); >> s->state = RS_GETLINE; >>
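Review bot: the posted hunk still lacks the reference comment Philippe asked for, so the new condition in RS_GETLINE_RLE reads as four unexplained magic values; the comment proposed in the reply (Run-length encoding is explained in "Debugging with GDB / Appendix E GDB Remote Serial Protocol / Overview") should go directly above `if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {`, and it would help to also quote the rule being enforced there ('#', '$' and values greater than 126 must not be used as a count) so nobody has to open the manual to see why '#' and '$' are special. One nit on the commit message: '\127' is an octal escape, i.e. decimal 87 ('W'); the value the `ch > 126` test rejects is decimal 127 (DEL), which is presumably what is meant.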
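To make the two caller types discussed in the commit message concrete, the following is an added example (not QEMU's gdbstub.c): the old and new count-byte conditions from the hunk, each fed a byte once as `char` (as gdb_handlesig() does) and once as `uint8_t` (as gdb_chr_receive() does), plus a small RSP run-length decoder that applies the new check. The decoder goes beyond the patch itself: its "c*N means c plus N-29 more copies of c" rule is taken from the GDB manual appendix the thread cites, and all function names here are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not QEMU's gdbstub.c: the RLE count-byte check before and
 * after the patch, fed through the two caller types named in the commit
 * message, plus a small decoder that uses the new check.
 */

/* Condition before the patch: only control characters are rejected. */
static int rle_count_valid_old(int ch)
{
    return !(ch < ' ');
}

/* Condition from the patch: printable ASCII, excluding '#', '$' and DEL. */
static int rle_count_valid_new(int ch)
{
    return !(ch < ' ' || ch == '#' || ch == '$' || ch > 126);
}

/* Models gdb_handlesig(), which hands the byte over as a char. */
static int accepted_via_char(uint8_t byte, int (*check)(int))
{
    char c = (char)byte;   /* signed on many ABIs: 0x80..0xff become negative */
    return check(c);
}

/* Models gdb_chr_receive(), which hands the byte over as a uint8_t. */
static int accepted_via_uint8(uint8_t byte, int (*check)(int))
{
    uint8_t c = byte;      /* 0x80..0xff stay in 128..255 */
    return check(c);
}

/*
 * Expands RSP run-length encoding. Per the GDB manual (Appendix E), "c*N"
 * stands for c followed by N-29 further copies of c, so "0* " == "0000".
 * Returns the decoded length, or -1 on a bad count byte or a truncated or
 * oversized input. Hypothetical helper, not a QEMU function.
 */
static int rle_decode(const uint8_t *in, size_t in_len, char *out, size_t out_cap)
{
    size_t o = 0;

    for (size_t i = 0; i < in_len; i++) {
        if (in[i] != '*') {
            if (o + 1 >= out_cap) {
                return -1;
            }
            out[o++] = (char)in[i];
            continue;
        }
        if (o == 0 || i + 1 >= in_len) {
            return -1;     /* nothing to repeat, or no count byte */
        }
        int count = in[++i];
        if (!rle_count_valid_new(count)) {
            return -1;     /* same rejection the patch performs */
        }
        size_t n = (size_t)(count - 29);
        if (o + n >= out_cap) {
            return -1;
        }
        memset(out + o, out[o - 1], n);
        o += n;
    }
    out[o] = '\0';
    return (int)o;
}

/* Convenience wrappers over NUL-terminated inputs. */
static int rle_decoded_len(const char *in)
{
    char buf[256];
    return rle_decode((const uint8_t *)in, strlen(in), buf, sizeof buf);
}

static int rle_expands_to(const char *in, const char *expected)
{
    char buf[256];
    int n = rle_decode((const uint8_t *)in, strlen(in), buf, sizeof buf);
    return n >= 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    static const uint8_t probes[] = { ' ', '#', '$', 0x7e, 0x7f, 0x80 };
    for (size_t i = 0; i < sizeof probes; i++) {
        printf("0x%02x: old char=%d uint8=%d | new char=%d uint8=%d\n", probes[i],
               accepted_via_char(probes[i], rle_count_valid_old),
               accepted_via_uint8(probes[i], rle_count_valid_old),
               accepted_via_char(probes[i], rle_count_valid_new),
               accepted_via_uint8(probes[i], rle_count_valid_new));
    }
    printf("\"0* \" -> %s\n", rle_expands_to("0* ", "0000") ? "0000" : "rejected");
    return 0;
}
```

The probe loop shows the asymmetry the commit message describes: with the old condition, 0x80 is rejected on the `char` path only where char is signed (it arrives as -128), while the `uint8_t` path accepts it; '#', '$' and 0x7f slip through on both paths. With the new condition every one of those bytes is rejected regardless of which caller delivered it.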