From f60db4f07f328df2d27356b157804e372af73401 Mon Sep 17 00:00:00 2001
From: Gary Benson
Date: Wed, 23 Oct 2013 13:58:26 +0100
Subject: [PATCH] Fix off-by-one errors in *scanf format strings.

In the first hunk, the format string was off-by-one for cmd, and cmd itself was larger than the maximum size required. cmd was reduced in size and the format string adjusted.

In the second hunk, the format string was off-by-one for local_address, remote_address and extra, although the buffers for the two addresses were large enough for this not to matter. The specifiers for the two addresses was corrected, and a number of unused variables including extra were suppressed from parsing.

In the third hunk, the format string was off-by-one for name, dependencies and status. This code was rewritten using strtok since dependencies can be arbitrarily long.

gdb/
2013-10-23 Gary Benson

	PR 16013
	* common/linux-osdata.c (command_from_pid): Reduced size of cmd
	from 32 to 18. Adjusted fscanf format string accordingly.
	(Avoids leaving cmd unterminated.)
	(print_sockets): Do not parse tlen, inode, sl, timeout, txq, rxq,
	trun, retn or extra. (Avoids leaving extra unterminated.) Check
	that local_address and remote_address will not overflow.
	(linux_xfer_osdata_modules): Parse lines using strtok to avoid
	leaving dependencies unterminated. Parse size as "%u" to match
	definition.
---
 gdb/ChangeLog | 13 ++++++++++
 gdb/common/linux-osdata.c | 66 +++++++++++++++++++++++++++++------------------
 2 files changed, 54 insertions(+), 25 deletions(-)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index d0854a8..1c70fac 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,16 @@
+2013-10-23 Gary Benson
+
+	PR 16013
+	* common/linux-osdata.c (command_from_pid): Reduced size of cmd
+	from 32 to 18. Adjusted fscanf format string accordingly.
+	(Avoids leaving cmd unterminated.)
+	(print_sockets): Do not parse tlen, inode, sl, timeout, txq, rxq,
+	trun, retn or extra. (Avoids leaving extra unterminated.) Check
+	that local_address and remote_address will not overflow.
+	(linux_xfer_osdata_modules): Parse lines using strtok to avoid
+	leaving dependencies unterminated. Parse size as "%u" to match
+	definition.
+
 2013-10-22 Pedro Alves
 
 	* infrun.c (handle_inferior_event) : Don't clear or
diff --git a/gdb/common/linux-osdata.c b/gdb/common/linux-osdata.c
index 9723839..37a31f2 100644
--- a/gdb/common/linux-osdata.c
+++ b/gdb/common/linux-osdata.c
@@ -135,9 +135,9 @@ command_from_pid (char *command, int maxlen, PID_T pid)
       /* sizeof (cmd) should be greater or equal to TASK_COMM_LEN (in
 	 include/linux/sched.h in the Linux kernel sources) plus two
 	 (for the brackets). */
-      char cmd[32];
+      char cmd[18];
       PID_T stat_pid;
-      int items_read = fscanf (fp, "%lld %32s", &stat_pid, cmd);
+      int items_read = fscanf (fp, "%lld %17s", &stat_pid, cmd);
 
       if (items_read == 2 && pid == stat_pid)
 	{
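Review bot: The width in the new `"%lld %17s"` format and `char cmd[18]` are now tied together only by hand, so a later change to either one silently reintroduces the unterminated-buffer bug this commit fixes; a comment on the declaration such as `/* The %17s width below must remain sizeof (cmd) - 1.  */`, or a compile-time check if the file has one available, would make the coupling visible. Separately, `%s` stops at the first whitespace, so a comm field that contains a space (comm names can contain one) still leaves cmd holding only the first word, which this commit does not change. command_from_pid's body continues past the hunk.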
@@ -871,29 +871,22 @@ print_sockets (unsigned short family, int tcp, struct buffer *buffer)
 	  if (fgets (buf, sizeof (buf), fp))
 	    {
 	      uid_t uid;
-	      unsigned long tlen, inode;
-	      int sl, timeout;
 	      unsigned int local_port, remote_port, state;
-	      unsigned int txq, rxq, trun, retn;
 	      char local_address[NI_MAXHOST], remote_address[NI_MAXHOST];
-	      char extra[512];
 	      int result;
 
+#if NI_MAXHOST <= 32
+#error "local_address and remote_address buffers too small"
+#endif
+
 	      result = sscanf (buf,
-			       "%d: %33[0-9A-F]:%X %33[0-9A-F]:%X %X %X:%X %X:%lX %X %d %d %lu %512s\n",
-			       &sl,
+			       "%*d: %32[0-9A-F]:%X %32[0-9A-F]:%X %X %*X:%*X %*X:%*X %*X %d %*d %*u %*s\n",
 			       local_address, &local_port,
 			       remote_address, &remote_port,
 			       &state,
-			       &txq, &rxq,
-			       &trun, &tlen,
-			       &retn,
-			       &uid,
-			       &timeout,
-			       &inode,
-			       extra);
+			       &uid);
 
-	      if (result == 15)
+	      if (result == 6)
 		{
 		  union socket_addr locaddr, remaddr;
 		  size_t addr_size;
@@ -1464,19 +1457,42 @@ linux_xfer_osdata_modules (gdb_byte *readbuf,
 	{
 	  if (fgets (buf, sizeof (buf), fp))
 	    {
-	      char name[64], dependencies[256], status[16];
+	      char *name, *dependencies, *status, *tmp;
 	      unsigned int size;
 	      unsigned long long address;
 	      int uses;
-	      int items_read;
-
-	      items_read = sscanf (buf,
-				   "%64s %d %d %256s %16s 0x%llx",
-				   name, &size, &uses,
-				   dependencies, status, &address);
 
-	      if (items_read == 6)
-		buffer_xml_printf (
+	      name = strtok (buf, " ");
+	      if (name == NULL)
+		continue;
+
+	      tmp = strtok (NULL, " ");
+	      if (tmp == NULL)
+		continue;
+	      if (sscanf (tmp, "%u", &size) != 1)
+		continue;
+
+	      tmp = strtok (NULL, " ");
+	      if (tmp == NULL)
+		continue;
+	      if (sscanf (tmp, "%d", &uses) != 1)
+		continue;
+
+	      dependencies = strtok (NULL, " ");
+	      if (dependencies == NULL)
+		continue;
+
+	      status = strtok (NULL, " ");
+	      if (status == NULL)
+		continue;
+
+	      tmp = strtok (NULL, "\n");
+	      if (tmp == NULL)
+		continue;
+	      if (sscanf (tmp, "%llx", &address) != 1)
+		continue;
+
+	      buffer_xml_printf (
 		 &buffer,
 		 ""
 		 "%s"
-- 
2.7.4
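Review bot: `&uid` is still read with `%d` although `uid_t` is an unsigned type on glibc; the commit switches `size` to `%u` in linux_xfer_osdata_modules for exactly this kind of mismatch but leaves this conversion as it was, so `%u` here would keep the format in step with the declaration. The suppressed `%*d %*u %*s` after `%d` no longer contribute to `result`, which means a line whose tail is malformed is now accepted as long as the first six fields parse; if that is intended, a comment above the `result == 6` check saying so would save the next reader from re-deriving it. print_sockets continues outside the hunk.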
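Review bot: The new parser relies on strtok's hidden static state across six consecutive calls, so any future helper invoked between them that also tokenizes would silently corrupt the parse; `strtok_r` with a local save pointer removes that dependency if the build provides it, and otherwise a comment such as `/* No other strtok user may run between these calls.  */` above the first `strtok (buf, " ")` documents the constraint. Also worth a comment: `strtok (NULL, "\n")` hands `%llx` the rest of the line, so the `0x` prefix and anything following the address are accepted by sscanf rather than matched explicitly as the removed `0x%llx` format did. The enclosing loop begins before the hunk and continues after it.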