[lldb] Prevent an infinite loop while reading memory regions

A malformed qMemoryRegionInfo response can easily trigger an infinite
loop if regions end (base + size) wraps the address space. A
particularly interesting is the case where base+size=0, which a stub
could use to say that the rest of the memory space is unmapped, even
though lldb expects 0xff... in this case.

One could argue which behavior is more correct (technically, the
current behavior does not say anything about the last byte), but unless
we stop using 0xff... to mean "invalid address", that discussion is very
academic. This patch truncates address ranges which wraps the address
space, which handles the zero case as well as other kinds of malformed
packets.

diff --git a/lldb/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationClient.cpp b/lldb/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationClient.cpp
index f03fd42..347c47b 100644 (file)
--- a/lldb/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationClient.cpp
+++ b/lldb/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationClient.cpp
@@ -1527,8 +1527,14 @@ Status GDBRemoteCommunicationClient::GetMemoryRegionInfo(
           if (!value.getAsInteger(16, addr_value))
             region_info.GetRange().SetRangeBase(addr_value);
         } else if (name.equals("size")) {
-          if (!value.getAsInteger(16, addr_value))
+          if (!value.getAsInteger(16, addr_value)) {
             region_info.GetRange().SetByteSize(addr_value);
+            if (region_info.GetRange().GetRangeEnd() <
+                region_info.GetRange().GetRangeBase()) {
+              // Range size overflowed, truncate it.
+              region_info.GetRange().SetRangeEnd(LLDB_INVALID_ADDRESS);
+            }
+          }
         } else if (name.equals("permissions") &&
                    region_info.GetRange().IsValid()) {
           saw_permissions = true;

diff --git a/lldb/test/API/functionalities/gdb_remote_client/TestGdbClientMemoryRegions.py b/lldb/test/API/functionalities/gdb_remote_client/TestGdbClientMemoryRegions.py
new file mode 100644 (file)
index 0000000..c6ad39b
--- /dev/null
+++ b/lldb/test/API/functionalities/gdb_remote_client/TestGdbClientMemoryRegions.py
@@ -0,0 +1,44 @@
+import lldb
+from lldbsuite.test.lldbtest import *
+from lldbsuite.test.decorators import *
+from lldbsuite.test.gdbclientutils import *
+from lldbsuite.test.lldbgdbclient import GDBRemoteTestBase
+
+
+class TestGdbClientMemoryRegions(GDBRemoteTestBase):
+
+    def test(self):
+        """
+        Test handling of overflowing memory regions. In particular, make sure
+        they don't trigger an infinite loop.
+        """
+        class MyResponder(MockGDBServerResponder):
+
+            def qHostInfo(self):
+                return "ptrsize:8;endian:little;"
+
+            def qMemoryRegionInfo(self, addr):
+                if addr == 0:
+                    return "start:0;size:8000000000000000;permissions:rw;"
+                if addr == 0x8000000000000000:
+                    return "start:8000000000000000;size:8000000000000000;permissions:r;"
+
+        self.runCmd("log enable gdb-remote packets")
+        self.runCmd("log enable lldb temp")
+        self.server.responder = MyResponder()
+        target = self.dbg.CreateTarget('')
+        process = self.connect(target)
+
+        regions = process.GetMemoryRegions()
+        self.assertEqual(regions.GetSize(), 2)
+
+        region = lldb.SBMemoryRegionInfo()
+        self.assertTrue(regions.GetMemoryRegionAtIndex(0, region))
+        self.assertEqual(region.GetRegionBase(), 0)
+        self.assertEqual(region.GetRegionEnd(), 0x8000000000000000)
+        self.assertTrue(region.IsWritable())
+
+        self.assertTrue(regions.GetMemoryRegionAtIndex(1, region))
+        self.assertEqual(region.GetRegionBase(), 0x8000000000000000)
+        self.assertEqual(region.GetRegionEnd(), 0xffffffffffffffff)
+        self.assertFalse(region.IsWritable())