From c9d3cf71ddb2ad520b44520b178a0304d747e102 Mon Sep 17 00:00:00 2001
From: Laurent Bonnans
Date: Mon, 14 Dec 2015 11:02:48 +0100
Subject: [PATCH] gdb_main.c: fix buffer overflow on large reads

When gdb issues a `m xx,200` command, the probe should respond with a packet of size 2*0x200=1024 which is the size of the packet buffer. However, the `hexify()` procedures writes 1025 bytes in the buffer. During my tests, it caused the probe to hang when issuing a `dump` command. Presumably by overwritting the `cur_target` variable.
---
 src/gdb_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gdb_main.c b/src/gdb_main.c
index 6b2059f..cec5822 100644
--- a/src/gdb_main.c
+++ b/src/gdb_main.c
@@ -41,7 +41,7 @@
 #define ERROR_IF_NO_TARGET() \
 if(!cur_target) { gdb_putpacketz("EFF"); break; }
-static char pbuf[BUF_SIZE];
+static char pbuf[BUF_SIZE+1];
 static target *cur_target;
 static target *last_target;
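Review bot: The one-byte widening on the `+static char pbuf[BUF_SIZE+1];` line covers the terminator hexify() writes, but only for a reply of exactly BUF_SIZE hex characters; the length field of the `m` packet comes from the remote gdb client, and if it is not already clamped to BUF_SIZE/2 before hexify() runs (that code is outside this hunk), a larger request still overruns pbuf and the adjacent `cur_target` pointer the description mentions. Clamping the requested length where the `m` packet is parsed, or passing the buffer size into hexify() so it bounds its own write, would make the limit independent of this declaration. The new declaration also deserves a comment explaining the otherwise-magic extra byte, e.g. `/* +1: hexify() NUL-terminates a full BUF_SIZE reply */`.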