GDB stub small fixes: out-of-bounds and wrong packet reply in 'qfThreadInfo' (86Box#3666)

* Fix out-of-bounds access on gdbstub_client_respond()

The issue happens when the ENABLE_GDBSTUB_LOG flag is set, more
specifically within the gdbstub_client_respond() function. This is
due to the fact that the string 'GDB Stub: Sending response: ' and
the newline character '\n' total 29 characters. When combined with
the 995 characters of client->response, the total is 1024 bytes.
However, the pclog_ex() buffer size is also 1024 bytes, leaving no
room for the null terminator '\0'. As a result, when attempting to
print the text on the screen, a segmentation fault occurs.

This commit fixes this by decreasing the response text's size by one
byte.

* Remove extra space in 'qfThreadInfo' packet response in gdbstub.c

When GDB sends the 'qfThreadInfo' packet, one of the possible responses
is 'm thread-id', as specified in [1]. However, contrary to what the
documentation implies, there is no space between 'm' and the thread-id.
In the current approach, GDB isn't even able to recognize that there's
any active thread, as the code sends "m 1" instead of "m1".

This commit addresses this by removing the space in the response.

Ref:
[1]: https://sourceware.org/gdb/onlinedocs/gdb/General-Query-Packets.html
Theldus authored Aug 31, 2023
1 parent c2a5f7f commit 4bde11c
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/gdbstub.c
@@ -631,10 +631,10 @@ gdbstub_client_respond(gdbstub_client_t *client)
/* Send response packet. */
client->response[client->response_pos] = '\0';
#ifdef ENABLE_GDBSTUB_LOG
i = client->response[995]; /* pclog_ex buffer too small */
client->response[995] = '\0';
i = client->response[994]; /* pclog_ex buffer too small */
client->response[994] = '\0';
gdbstub_log("GDB Stub: Sending response: %s\n", client->response);
client->response[995] = i;
client->response[994] = i;
#endif
send(client->socket, "$", 1, 0);
send(client->socket, client->response, client->response_pos, 0);
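Review bot: the hard-coded 994 in the `#ifdef ENABLE_GDBSTUB_LOG` block encodes two facts that live elsewhere (the 1024-byte pclog_ex buffer and the 29 bytes of 'GDB Stub: Sending response: ' plus the newline), so a later change to either silently reintroduces the off-by-one this commit removes. Consider a named constant with a comment stating the arithmetic (1024 - 29 - 1 for the terminator), or a printf precision such as `"%.994s\n"` in the gdbstub_log call, which bounds the log output without the temporary save/restore of `client->response[994]`. The truncation only affects the log line; the full `client->response` is still written by the `send()` below, which is the correct behaviour.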
@@ -1100,7 +1100,7 @@ gdbstub_client_packet(gdbstub_client_t *client)
} else if (!strcmp(client->response, "C")) {
FAST_RESPONSE("QC1");
} else if (!strcmp(client->response, "fThreadInfo")) {
FAST_RESPONSE("m 1");
FAST_RESPONSE("m1");
} else if (!strcmp(client->response, "sThreadInfo")) {
FAST_RESPONSE("l");
} else if (!strcmp(client->response, "Rcmd")) {
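Review bot: `FAST_RESPONSE("m1")` is the correct wire form of the qfThreadInfo reply, where `m` is immediately followed by the thread id and the space in the GDB documentation is only typographical, and it is consistent with the `QC1` reply two lines above that names thread 1 as the current thread. Because the documentation reads as if a space belongs there, a one-line comment next to this line pointing at the General-Query-Packets page would stop a future contributor from reinstating `"m 1"`.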
