aboutsummaryrefslogtreecommitdiff
path: root/qemu-tech.texi
diff options
context:
space:
mode:
authorMarkus Armbruster <armbru@redhat.com>2019-05-14 20:03:09 +0200
committerMarkus Armbruster <armbru@redhat.com>2019-05-22 15:00:04 +0200
commit33c846efa22d62ea6489371789fc9fbd11b3cd3c (patch)
tree47abf42f6b725bd0c55990777db2f25208dbba55 /qemu-tech.texi
parent046aba169bc21c08823cfbe8d4f3b4ad116ac676 (diff)
gdbstub: Fix misuse of isxdigit()
gdb_read_byte() passes its @ch argument to isxdigit(). Undefined behavior when the value is negative. Two callers: * gdb_chr_receive() passes an uint8_t value. Safe. * gdb_handlesig() a char value. Unsafe. Not a security issue, because the characters come from the gdb client, which is trusted. The obvious fix would be casting @ch to unsigned char. But note that gdb_read_byte() already casts @ch to uint8_t in many places. Uses of @ch without such a cast: (1) Compare to a character constant with == or != (2) s->linesum += ch (3) Store ch or ch ^ 0x20 into s->line_buf[] (4) Check for invalid RLE count: ch < ' ' || ch == '#' || ch == '$' || ch > 126 (5) Pass to isxdigit() (6) Pass to fromhex() Change the parameter type from int to uint8_t, and drop the now redundant casts. Affects the above uses as follows: (1) No change: the character constants are all non-negative. (2) Effectively no change: we only ever use s->linesum & 0xff, and s->linesum is int. (3) No change: s->line_buf[] is char[]. (4) No change. (5) Avoid undefined behavior. (6) No change: only reached when isxdigit(ch) Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190514180311.16028-5-armbru@redhat.com>
Diffstat (limited to 'qemu-tech.texi')
0 files changed, 0 insertions, 0 deletions