diff options
author | Markus Armbruster <armbru@redhat.com> | 2019-05-14 20:03:09 +0200 |
---|---|---|
committer | Markus Armbruster <armbru@redhat.com> | 2019-05-22 15:00:04 +0200 |
commit | 33c846efa22d62ea6489371789fc9fbd11b3cd3c (patch) | |
tree | 47abf42f6b725bd0c55990777db2f25208dbba55 /qemu-tech.texi | |
parent | 046aba169bc21c08823cfbe8d4f3b4ad116ac676 (diff) |
gdbstub: Fix misuse of isxdigit()
gdb_read_byte() passes its @ch argument to isxdigit(). Undefined
behavior when the value is negative. Two callers:
* gdb_chr_receive() passes an uint8_t value. Safe.
* gdb_handlesig() a char value. Unsafe. Not a security issue,
because the characters come from the gdb client, which is trusted.
The obvious fix would be casting @ch to unsigned char. But note that
gdb_read_byte() already casts @ch to uint8_t in many places. Uses of
@ch without such a cast:
(1) Compare to a character constant with == or !=
(2) s->linesum += ch
(3) Store ch or ch ^ 0x20 into s->line_buf[]
(4) Check for invalid RLE count:
ch < ' ' || ch == '#' || ch == '$' || ch > 126
(5) Pass to isxdigit()
(6) Pass to fromhex()
Change the parameter type from int to uint8_t, and drop the now
redundant casts. Affects the above uses as follows:
(1) No change: the character constants are all non-negative.
(2) Effectively no change: we only ever use s->linesum & 0xff, and
s->linesum is int.
(3) No change: s->line_buf[] is char[].
(4) No change.
(5) Avoid undefined behavior.
(6) No change: only reached when isxdigit(ch)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190514180311.16028-5-armbru@redhat.com>
Diffstat (limited to 'qemu-tech.texi')
0 files changed, 0 insertions, 0 deletions