From: Peter Maydell
Subject: Re: [Qemu-devel] [Bug 1703147] [NEW] Xfer:features:read truncating xml sent to gdb frontends
Date: Sat, 8 Jul 2017 22:44:42 +0100

On 8 July 2017 at 22:19, Duane Voth <address@hidden> wrote:
> Around line 1326 in gdbstub.c:
>
>             if (len > (MAX_PACKET_LENGTH - 5) / 2)
>                 len = (MAX_PACKET_LENGTH - 5) / 2;
>
> is truncating processor reg description xml files longer than 2045
> bytes.  Deleting these lines works for my immediate need, but they seem
> to be trying to fix some buffer overrun condition so I won't offer a
> patch until we understand their purpose.

Those lines prevent the packet we're constructing overrunning
the buf[] array (in the worst case the packet encoding could
use 2 bytes of buffer for every byte of payload). It's probably
working for you without them because (a) the XML payload doesn't
come near the worst-case and (b) buf[] is followed on the stack
by mem_buf[] which happens to be unused here so overrunning into
it has no visible harmful effects.

Truncating the XML is clearly not what we want though so we
should do something more intelligent...

thanks
-- PMM
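The budget Peter describes (a reply body may grow to two encoded bytes per payload byte, plus the packet framing) is easy to get wrong in both directions: skip the cap and the encoder can run past the packet buffer; cap the payload but report the chunk as the last one and the client sees a truncated file. The program below is an added illustration written for this page, not QEMU's gdbstub code. PKT_MAX, FRAMING, bin_escape, build_xfer_reply, fetch_all and the sample target-description XML are all constructed for the example; the escaping rule itself (the bytes '#', '$', '}' and '*' sent as '}' followed by the byte XOR 0x20) is the gdb remote-protocol binary encoding. It shows where the (MAX - 5) / 2 figure comes from, that it evaluates to the 2045 from the bug report for a 4096-byte buffer, and that a capped reply marked 'm' lets a client reassemble the full XML by asking again at the next offset.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical packet-buffer size, standing in for MAX_PACKET_LENGTH in the
 * thread; kept small so the chunking is visible. */
#define PKT_MAX 64

/* Bytes around a reply body: '$', '#' and two checksum hex digits (4), plus
 * the qXfer 'm'/'l' status byte (1). */
#define FRAMING 5

/* gdb remote-protocol binary escaping for qXfer payloads. Output is between
 * n and 2n bytes. Returns the encoded length, or 0 if the worst case (every
 * byte escaped) would not fit in out_cap. */
size_t bin_escape(char *out, size_t out_cap, const char *in, size_t n)
{
    if (out_cap < 2 * n) {
        return 0;
    }
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        char c = in[i];
        if (c == '#' || c == '$' || c == '}' || c == '*') {
            out[o++] = '}';
            out[o++] = c ^ 0x20;
        } else {
            out[o++] = c;
        }
    }
    return o;
}

/* Inverse of bin_escape, used by the client side to reassemble. */
size_t bin_unescape(char *out, const char *in, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '}' && i + 1 < n) {
            out[o++] = in[++i] ^ 0x20;
        } else {
            out[o++] = in[i];
        }
    }
    return o;
}

/* Largest raw payload that is guaranteed to fit even if every byte escapes:
 * the cap the thread discusses. For a 4096-byte buffer this is 2045. */
size_t max_chunk(size_t pkt_max)
{
    return (pkt_max - FRAMING) / 2;
}

/* Stub side. Build one qXfer:features:read reply body for the window
 * [offset, offset + req_len) of xml: 'm' (more follows) or 'l' (last), then
 * the escaped bytes. A request larger than max_chunk() is shortened and, if
 * XML remains, marked 'm' so the client continues at offset + *consumed. */
size_t build_xfer_reply(char *body, size_t pkt_max, const char *xml, size_t total,
                        size_t offset, size_t req_len, size_t *consumed)
{
    *consumed = 0;
    if (offset >= total) {
        body[0] = 'l';                      /* nothing left: empty final chunk */
        return 1;
    }
    size_t len = total - offset;
    if (req_len < len) {
        len = req_len;
    }
    if (len > max_chunk(pkt_max)) {
        len = max_chunk(pkt_max);
    }
    body[0] = (offset + len < total) ? 'm' : 'l';
    size_t enc = bin_escape(body + 1, pkt_max - FRAMING, xml + offset, len);
    assert(len == 0 || enc > 0);            /* the cap guarantees it fits */
    *consumed = len;
    return enc + 1;
}

/* Client side, looping the way a debugger does: request req_len bytes at a
 * time until an 'l' reply. Returns the number of reassembled bytes in out. */
size_t fetch_all(const char *xml, size_t total, size_t pkt_max, size_t req_len,
                 char *out, size_t out_cap)
{
    char body[PKT_MAX];
    size_t offset = 0, got = 0;
    assert(pkt_max <= sizeof body);
    for (;;) {
        size_t consumed;
        size_t n = build_xfer_reply(body, pkt_max, xml, total, offset, req_len, &consumed);
        assert(n + FRAMING - 1 <= pkt_max); /* body plus framing never overruns */
        assert(got + (n - 1) <= out_cap);   /* unescaped size <= escaped size */
        got += bin_unescape(out + got, body + 1, n - 1);
        offset += consumed;
        if (body[0] == 'l') {
            return got;
        }
    }
}

/* Constructed sample: a target-description fragment whose comment holds every
 * byte the escaping has to handle. */
static const char SAMPLE_XML[] =
    "<?xml version=\"1.0\"?>\n"
    "<!-- escape test: $ # } * -->\n"
    "<target version=\"1.0\">\n"
    "  <feature name=\"org.example.core\">\n"
    "    <reg name=\"r0\" bitsize=\"32\"/>\n"
    "  </feature>\n"
    "</target>\n";

int main(void)
{
    char out[sizeof SAMPLE_XML];
    size_t total = sizeof SAMPLE_XML - 1;
    /* A client typically asks for far more than one packet can carry. */
    size_t got = fetch_all(SAMPLE_XML, total, PKT_MAX, 0xfff, out, sizeof out);
    printf("cap per packet %zu, reassembled %zu of %zu bytes, intact: %s\n",
           max_chunk(PKT_MAX), got, total,
           (got == total && memcmp(out, SAMPLE_XML, total) == 0) ? "yes" : "no");
    return 0;
}
```

The two asserts in fetch_all are the invariants the cap buys: the encoded body plus framing never exceeds the packet buffer, regardless of how escape-heavy the payload is. Deleting the cap, as the report tried, only appears to work when the payload stays far from the all-escaped worst case.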
