gdbstub: Reject invalid RLE repeat counts

"Debugging with GDB / Appendix E GDB Remote Serial Protocol / Overview" specifies "The printable characters '#' and '$' or with a numeric value greater than 126 must not be used." gdb_read_byte() only rejects values < 32. This is wrong. Impact depends on the caller: * gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and '\127'. * gdb_chr_receive() passes an uint8_t. Additionally accepts characters with the most-significant bit set. Correct the validity check to match the specification. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190514180311.16028-4-armbru@redhat.com>
2019-05-14 20:03:08 +02:00 · 2019-05-14 20:03:08 +02:00 · 046aba169b
commit 046aba169b
parent d18dc3af47
1 changed files with 5 additions and 1 deletions
--- a/gdbstub.c
+++ b/gdbstub.c
@ -2064,7 +2064,11 @@ static void gdb_read_byte(GDBState *s, int ch)
            }
            break;
        case RS_GETLINE_RLE:
-            if (ch < ' ') {
+            /*
+             * Run-length encoding is explained in "Debugging with GDB /
+             * Appendix E GDB Remote Serial Protocol / Overview".
+             */
+            if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
                /* invalid RLE count encoding */
                trace_gdbstub_err_invalid_repeat((uint8_t)ch);
                s->state = RS_GETLINE;