"Debugging with GDB / Appendix E GDB Remote Serial Protocol /
Overview" specifies "The printable characters '#' and '$' or with a
numeric value greater than 126 must not be used." gdb_read_byte()
only rejects values < 32. This is wrong. Impact depends on the caller:
* gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and
'\127'.
* gdb_chr_receive() passes an uint8_t. Additionally accepts
characters with the most-significant bit set.
Correct the validity check to match the specification.
Signed-off-by: Markus Armbruster <arm...@redhat.com>
---
gdbstub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gdbstub.c b/gdbstub.c
index d54abd17cc..a6dce1b027 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -2064,7 +2064,7 @@ static void gdb_read_byte(GDBState *s, int ch)
}
break;
case RS_GETLINE_RLE:
- if (ch < ' ') {
+ if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
/* invalid RLE count encoding */
trace_gdbstub_err_invalid_repeat((uint8_t)ch);
s->state = RS_GETLINE;
--
2.17.2
