There is no guarantee that target.xml fits in 1024 bytes, and the fixed
buffer length requires tedious buffer overflow check. Dynamically
allocate the target.xml buffer to resolve these problems.
Suggested-by: Alex Bennée <alex.ben...@linaro.org>
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
---
gdbstub/internals.h | 2 +-
gdbstub/gdbstub.c | 44 ++++++++++++++++++++++++--------------------
gdbstub/softmmu.c | 2 +-
3 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/gdbstub/internals.h b/gdbstub/internals.h
index f2b46cce41..4876ebd74f 100644
--- a/gdbstub/internals.h
+++ b/gdbstub/internals.h
@@ -33,7 +33,7 @@ typedef struct GDBProcess {
uint32_t pid;
bool attached;
- char target_xml[1024];
+ char *target_xml;
} GDBProcess;
enum RSState {
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index c2ce970c98..452b5bf0ef 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -366,33 +366,37 @@ static const char *get_feature_xml(const char *p, const
char **newp,
name = NULL;
if (strncmp(p, "target.xml", len) == 0) {
- char *buf = process->target_xml;
- const size_t buf_sz = sizeof(process->target_xml);
-
/* Generate the XML description for this CPU. */
- if (!buf[0]) {
+ if (!process->target_xml) {
+ g_autoptr(GPtrArray) a = g_ptr_array_new_with_free_func(g_free);
GDBRegisterState *r;
- pstrcat(buf, buf_sz,
- "<?xml version=\"1.0\"?>"
- "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
- "<target>");
+ g_ptr_array_add(
+ a,
+ g_strdup("<?xml version=\"1.0\"?>"
+ "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
+ "<target>"));
if (cc->gdb_arch_name) {
- pstrcat(buf, buf_sz, "<architecture>");
- pstrcat(buf, buf_sz, cc->gdb_arch_name(cpu));
- pstrcat(buf, buf_sz, "</architecture>");
+ g_ptr_array_add(
+ a,
+ g_markup_printf_escaped("<architecture>%s</architecture>",
+ cc->gdb_arch_name(cpu)));
}
- pstrcat(buf, buf_sz, "<xi:include href=\"");
- pstrcat(buf, buf_sz, cc->gdb_core_feature->xmlname);
- pstrcat(buf, buf_sz, "\"/>");
+ g_ptr_array_add(
+ a,
+ g_markup_printf_escaped("<xi:include href=\"%s\"/>",
+ cc->gdb_core_feature->xmlname));
for (r = cpu->gdb_regs; r; r = r->next) {
- pstrcat(buf, buf_sz, "<xi:include href=\"");
- pstrcat(buf, buf_sz, r->feature->xmlname);
- pstrcat(buf, buf_sz, "\"/>");
+ g_ptr_array_add(
+ a,
+ g_markup_printf_escaped("<xi:include href=\"%s\"/>",
+ r->feature->xmlname));
}
- pstrcat(buf, buf_sz, "</target>");
+ g_ptr_array_add(a, g_strdup("</target>"));
+ g_ptr_array_add(a, NULL);
+ process->target_xml = g_strjoinv(NULL, (void *)a->pdata);
}
- return buf;
+ return process->target_xml;
}
if (cc->gdb_get_dynamic_xml) {
char *xmlname = g_strndup(p, len);
@@ -2270,6 +2274,6 @@ void gdb_create_default_process(GDBState *s)
process = &s->processes[s->process_num - 1];
process->pid = pid;
process->attached = false;
- process->target_xml[0] = '\0';
+ process->target_xml = NULL;
}
diff --git a/gdbstub/softmmu.c b/gdbstub/softmmu.c
index f509b7285d..5282324764 100644
--- a/gdbstub/softmmu.c
+++ b/gdbstub/softmmu.c
@@ -293,7 +293,7 @@ static int find_cpu_clusters(Object *child, void *opaque)
assert(cluster->cluster_id != UINT32_MAX);
process->pid = cluster->cluster_id + 1;
process->attached = false;
- process->target_xml[0] = '\0';
+ process->target_xml = NULL;
return 0;
}
--
2.41.0
