authorPhilippe Mathieu-Daudé <f4bug@amsat.org>2018-04-08 11:59:33 -0300
committerMichael Roth <mdroth@linux.vnet.ibm.com>2018-06-21 10:18:10 -0500
commit9e4fa091eeb29e2363712c886cc1e9ad78631887 (patch)
tree2340ec605a2354ce984330827152055d8f773d88
parenta8e4217b0c4899621ce09669c46d008e2bcfeed4 (diff)
gdbstub: fix off-by-one in gdb_handle_packet()
memtohex() adds an extra trailing NUL character. Reported-by: AddressSanitizer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20180408145933.1149-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 9005774b27b6aa5e1c99d80bd59d5d048c2f7077) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-rw-r--r--gdbstub.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/gdbstub.c b/gdbstub.c
index 2a94030d3b..ca8433e1b6 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -515,6 +515,7 @@ static inline int tohex(int v)
return v - 10 + 'a';
}
+/* writes 2*len+1 bytes in buf */
static void memtohex(char *buf, const uint8_t *mem, int len)
{
int i, c;
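Review bot: The added comment gives the byte count but not the consequence for callers: memtohex() takes no buffer size, so it cannot bound the write itself and every caller has to size `buf` from `len`. I would spell that out, for example `/* writes 2*len hex digits plus a trailing NUL; caller must provide at least 2*len+1 bytes in buf */`. The body of memtohex() continues outside this hunk, so the count is taken from the comment and the commit message rather than verified here.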
@@ -970,8 +971,8 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
const char *p;
uint32_t thread;
int ch, reg_size, type, res;
- char buf[MAX_PACKET_LENGTH];
uint8_t mem_buf[MAX_PACKET_LENGTH];
+ char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
uint8_t *registers;
target_ulong addr, len;
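Review bot: The new size of `buf` is enough for memtohex() only while `len` stays at or below `sizeof(mem_buf) / 2`, because by the comment added in the first hunk it writes 2*len+1 bytes and `buf` now holds `sizeof(mem_buf) + 1`. The extra byte removes the one-byte overrun at exactly that boundary, but a larger `len` would still write past the end of this stack buffer. The memtohex() call sites are outside this hunk, so whether every path bounds `len` (which appears to be parsed from the incoming packet) before the call cannot be confirmed from here. I would record the invariant at the declaration, `/* memtohex() needs 2*len+1 bytes: callers must keep len <= sizeof(mem_buf) / 2 */`, and check each `memtohex(buf, ...)` call in gdb_handle_packet() against it.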