gdbstub: fix off-by-one in gdb_handle_packet()
memtohex() adds an extra trailing NUL character. Reported-by: AddressSanitizer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20180408145933.1149-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
parent
b2c1742da0
commit
9005774b27
@ -507,6 +507,7 @@ static inline int tohex(int v)
|
|||||||
return v - 10 + 'a';
|
return v - 10 + 'a';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* writes 2*len+1 bytes in buf */
|
||||||
static void memtohex(char *buf, const uint8_t *mem, int len)
|
static void memtohex(char *buf, const uint8_t *mem, int len)
|
||||||
{
|
{
|
||||||
int i, c;
|
int i, c;
|
||||||
@ -999,8 +1000,8 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
|
|||||||
const char *p;
|
const char *p;
|
||||||
uint32_t thread;
|
uint32_t thread;
|
||||||
int ch, reg_size, type, res;
|
int ch, reg_size, type, res;
|
||||||
char buf[MAX_PACKET_LENGTH];
|
|
||||||
uint8_t mem_buf[MAX_PACKET_LENGTH];
|
uint8_t mem_buf[MAX_PACKET_LENGTH];
|
||||||
|
char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
|
||||||
uint8_t *registers;
|
uint8_t *registers;
|
||||||
target_ulong addr, len;
|
target_ulong addr, len;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user