rpms/gdb
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
337e4aece4
gdb/gdb-6.6-bz238285-gcore-strings-overflow.patch
Jan Kratochvil acb618c727 - Fixup for the PPC Power6/DFP instructions disassembly (BZ 230000). 
- New testcase for the GCORE buffer overflow (for BZ 238285, formerly
    235753).
- Related: rhbz#230000 rhbz#238285 rhbz#235753
2007-04-28 21:50:42 +00:00

152 lines
5.4 KiB
Diff
Raw Blame History

Failing on _FORTIFY_SOURCE=2 for `gdb.base/corefile.exp'.
--- gdb-6.6/gdb/linux-nat.c-orig 2007-04-08 21:12:38.000000000 +0200
+++ gdb-6.6/gdb/linux-nat.c 2007-04-09 20:05:43.000000000 +0200
@@ -2838,7 +2838,9 @@ linux_nat_make_corefile_notes (bfd *obfd
{
struct linux_nat_corefile_thread_data thread_args;
struct cleanup *old_chain;
+ /* Length must be >= sizeof (prpsinfo_t.pr_fname). */
char fname[16] = { '\0' };
+ /* Length must be >= sizeof (prpsinfo_t.pr_psargs). */
char psargs[80] = { '\0' };
char *note_data = NULL;
ptid_t current_ptid = inferior_ptid;
@@ -2851,9 +2853,14 @@ linux_nat_make_corefile_notes (bfd *obfd
strncpy (psargs, get_exec_file (0), sizeof (psargs));
if (get_inferior_args ())
{
- strncat (psargs, " ", sizeof (psargs) - strlen (psargs));
- strncat (psargs, get_inferior_args (),
- sizeof (psargs) - strlen (psargs));
+ /* linux_elfcore_write_prpsinfo () handles zero non-terminated
+ strings right if they provide enough characters for its purposes.
+ Handle to fully filled (=> zero non-terminated) strings here. */
+ if (memchr (psargs, 0, sizeof (psargs)) != NULL)
+ strncat (psargs, " ", sizeof (psargs) - strlen (psargs) - 1);
+ if (memchr (psargs, 0, sizeof (psargs)) != NULL)
+ strncat (psargs, get_inferior_args (),
+ sizeof (psargs) - strlen (psargs) - 1);
}
note_data = (char *) linux_elfcore_write_prpsinfo (obfd, note_data,
note_size, fname,
2007-04-28 Jan Kratochvil <jan.kratochvil@redhat.com>
* gdb.base/gcore-buffer-overflow.c, gdb.base/gcore-buffer-overflow.exp:
New files.
Index: ./gdb/testsuite/gdb.base/gcore-buffer-overflow.c
===================================================================
RCS file: gdb/testsuite/gdb.base/gcore-buffer-overflow.c
diff -N gdb/testsuite/gdb.base/gcore-buffer-overflow.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ ./gdb/testsuite/gdb.base/gcore-buffer-overflow.c 28 Apr 2007 18:48:15 -0000
@@ -0,0 +1,27 @@
+/* Copyright 2007 Free Software Foundation, Inc.
+
+ This file is part of GDB.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or (at
+ your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA. */
+
+/*
+ * Test GDB's internal buffers safety for the GCORE command.
+ */
+
+int main (void)
+{
+ return 0;
+}
Index: ./gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
===================================================================
RCS file: gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
diff -N gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ ./gdb/testsuite/gdb.base/gcore-buffer-overflow.exp 28 Apr 2007 18:48:15 -0000
@@ -0,0 +1,70 @@
+# Copyright 2007 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Please email any bugs, comments, and/or additions to this file to:
+# bug-gdb@prep.ai.mit.edu
+
+# Test GDB's internal buffers safety for the GCORE command.
+
+if $tracelevel then {
+ strace $tracelevel
+}
+
+set prms_id 0
+set bug_id 0
+
+set testfile "gcore-buffer-overflow"
+set srcfile ${testfile}.c
+# The ${binfile} basename needs to exceed 80 characters (`sizeof (psargs)')
+# plus some additional data to overwrite the stack frame.
+set pattern 01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+set binfile ${objdir}/${subdir}/${testfile}-${pattern}
+
+if { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug}] != "" } {
+ untested gcore.exp
+ return -1
+}
+
+# Start with a fresh gdb.
+
+gdb_exit
+gdb_start
+gdb_reinitialize_dir $srcdir/$subdir
+gdb_load ${binfile}
+
+gdb_test "set args ${pattern}" \
+ "" \
+ "Set buffer exceeding arguments"
+
+if { ! [ runto_main ] } then {
+ untested gcore-buffer-overflow.exp
+ return -1
+}
+
+set escapedfilename [string_to_regexp ${objdir}/${subdir}/gcore-buffer-overflow.test]
+
+set test "save a corefile"
+gdb_test_multiple "gcore ${objdir}/${subdir}/gcore-buffer-overflow.test" $test {
+ -re "Saved corefile ${escapedfilename}\[\r\n\]+$gdb_prompt $" {
+ pass $test
+ }
+ -re "Can't create a corefile\[\r\n\]+$gdb_prompt $" {
+ unsupported $test
+ }
+ eof {
+ fail $test
+ }
+}
Reference in New Issue View Git Blame Copy Permalink