There is no guarantee that target.xml fits in 1024 bytes, and the fixed buffer length requires tedious buffer-overflow checks. Dynamically allocate the target.xml buffer to resolve these problems.
Suggested-by: Alex Bennée <alex.ben...@linaro.org>
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
---
 gdbstub/internals.h |  2 +-
 gdbstub/gdbstub.c   | 44 ++++++++++++++++++++++++--------------------
 gdbstub/softmmu.c   |  2 +-
 3 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/gdbstub/internals.h b/gdbstub/internals.h
index f2b46cce41..4876ebd74f 100644
--- a/gdbstub/internals.h
+++ b/gdbstub/internals.h
@@ -33,7 +33,7 @@ typedef struct GDBProcess {
     uint32_t pid;
     bool attached;
 
-    char target_xml[1024];
+    char *target_xml;
 } GDBProcess;
 
 enum RSState {
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 78711801db..3f97dc66e5 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
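Review bot: The new `char *target_xml` field in GDBProcess carries no ownership information, which matters now that it is a heap allocation rather than inline storage. A short comment at the declaration would spare the next reader a search through gdbstub.c, e.g. `char *target_xml; /* lazily built by get_feature_xml(); owned by this process, NULL until first use */`. The struct GDBProcess definition begins before this hunk.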
@@ -367,33 +367,37 @@ static const char *get_feature_xml(const char *p, const char **newp,
 
     name = NULL;
     if (strncmp(p, "target.xml", len) == 0) {
-        char *buf = process->target_xml;
-        const size_t buf_sz = sizeof(process->target_xml);
-
         /* Generate the XML description for this CPU.  */
-        if (!buf[0]) {
+        if (!process->target_xml) {
+            g_autoptr(GPtrArray) a = g_ptr_array_new_with_free_func(g_free);
             GDBRegisterState *r;
 
-            pstrcat(buf, buf_sz,
-                    "<?xml version=\"1.0\"?>"
-                    "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
-                    "<target>");
+            g_ptr_array_add(
+                a,
+                g_strdup("<?xml version=\"1.0\"?>"
+                         "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
+                         "<target>"));
             if (cc->gdb_arch_name) {
-                pstrcat(buf, buf_sz, "<architecture>");
-                pstrcat(buf, buf_sz, cc->gdb_arch_name(cpu));
-                pstrcat(buf, buf_sz, "</architecture>");
+                g_ptr_array_add(
+                    a,
+                    g_markup_printf_escaped("<architecture>%s</architecture>",
+                                            cc->gdb_arch_name(cpu)));
             }
-            pstrcat(buf, buf_sz, "<xi:include href=\"");
-            pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
-            pstrcat(buf, buf_sz, "\"/>");
+            g_ptr_array_add(
+                a,
+                g_markup_printf_escaped("<xi:include href=\"%s\"/>",
+                                        cc->gdb_core_xml_file));
             for (r = cpu->gdb_regs; r; r = r->next) {
-                pstrcat(buf, buf_sz, "<xi:include href=\"");
-                pstrcat(buf, buf_sz, r->xml);
-                pstrcat(buf, buf_sz, "\"/>");
+                g_ptr_array_add(
+                    a,
+                    g_markup_printf_escaped("<xi:include href=\"%s\"/>",
+                                            r->xml));
             }
-            pstrcat(buf, buf_sz, "</target>");
+            g_ptr_array_add(a, g_strdup("</target>"));
+            g_ptr_array_add(a, NULL);
+            process->target_xml = g_strjoinv(NULL, (void *)a->pdata);
         }
-        return buf;
+        return process->target_xml;
     }
     if (cc->gdb_get_dynamic_xml) {
         char *xmlname = g_strndup(p, len);
@@ -2199,6 +2203,6 @@ void gdb_create_default_process(GDBState *s)
     process = &s->processes[s->process_num - 1];
     process->pid = pid;
     process->attached = false;
-    process->target_xml[0] = '\0';
+    process->target_xml = NULL;
 }
 
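Review bot: `process->target_xml` is now allocated with g_strjoinv() in get_feature_xml(), but nothing in this patch frees it; the initialisers in gdb_create_default_process() and find_cpu_clusters() only set it to NULL. If GDBProcess entries are ever reused or torn down (that path is not visible here), the teardown needs a `g_free(process->target_xml);` before the slot is re-initialised, otherwise the cached XML leaks once per process. As a point of style, the `(void *)a->pdata` cast hides the actual conversion; `(gchar **)a->pdata` states what g_strjoinv() expects and lets the compiler check it. The body of get_feature_xml() begins before this hunk.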
diff --git a/gdbstub/softmmu.c b/gdbstub/softmmu.c
index f509b7285d..5282324764 100644
--- a/gdbstub/softmmu.c
+++ b/gdbstub/softmmu.c
@@ -293,7 +293,7 @@ static int find_cpu_clusters(Object *child, void *opaque)
     assert(cluster->cluster_id != UINT32_MAX);
     process->pid = cluster->cluster_id + 1;
     process->attached = false;
-    process->target_xml[0] = '\0';
+    process->target_xml = NULL;
 
     return 0;
 }
-- 
2.42.0