fix 289699 vgdb connection in relay mode erroneously closed due to buffer overrun

* use PBUFSIZ+1 for buffers reading characters from gdbserver:
  vgdb reads up to PBUFSIZ characters from gdbserver.
  If vgdb receives a burst of packet from Valgrind gdbserver, PBUFSIZ
  characters can be read. The tracing code adds a trailing \0 to
  this buffer => to avoid buffer overrun, the buffers are dimensionned
  with PBUFSIZ+1.
* use read_buf in function read_char, rather than directly calling read.

git-svn-id: svn://svn.valgrind.org/valgrind/trunk@12319

diff --git a/NEWS b/NEWS
index 0d907b542a63919da505a8da77f099c8044dcd46..3b3042acb6970abd174a9c64f0f24ea10fbe043e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -29,7 +29,7 @@ where XXXXXX is the bug number as listed below.
 286270  vgpreload is not friendly to 64->32 bit execs, gives ld.so warnings
 286374  Running cachegrind with --branch-sim=yes on 64-bit PowerPC program fails
 287858  VG_(strerror): unknown error 
-
+289699  vgdb connection in relay mode erroneously closed due to buffer overrun 
 
 Release 3.7.0 (5 November 2011)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/coregrind/vgdb.c b/coregrind/vgdb.c
index 3c5c9d6e645fd3ca2f7e5bfa9b307cd3ddf4b9a9..38adc1c4bdced662a6d0ba73b5708972a53b1695 100644 (file)
--- a/coregrind/vgdb.c
+++ b/coregrind/vgdb.c
@@ -1364,7 +1364,7 @@ static char *from_gdb_to_pid; /* fifo name to write gdb command to pid */
 static
 Bool read_from_gdb_write_to_pid(int to_pid)
 {
-   char buf[PBUFSIZ];
+   char buf[PBUFSIZ+1]; // +1 for trailing \0
    int nrread;
 
    nrread = read_buf(from_gdb, buf, "from gdb on stdin");
@@ -1388,7 +1388,7 @@ static char *to_gdb_from_pid; /* fifo name to read pid replies */
 static
 Bool read_from_pid_write_to_gdb(int from_pid)
 {
-   char buf[PBUFSIZ];
+   char buf[PBUFSIZ+1]; // +1 for trailing \0
    int nrread;
 
    nrread = read_buf(from_pid, buf, "from pid");
@@ -1493,14 +1493,14 @@ fromhex (int a)
 static int
 readchar (int fd)
 {
-  static unsigned char buf[PBUFSIZ];
+  static unsigned char buf[PBUFSIZ+1]; // +1 for trailing \0
   static int bufcnt = 0;
   static unsigned char *bufp;
 
   if (bufcnt-- > 0)
      return *bufp++;
 
-  bufcnt = read (fd, buf, sizeof (buf));
+  bufcnt = read_buf (fd, buf, "static buf readchar");
 
   if (bufcnt <= 0) {
      if (bufcnt == 0) {
@@ -1810,10 +1810,10 @@ void gdb_relay (int pid)
                if (!read_from_gdb_write_to_pid(to_pid))
                   shutting_down = True;
                break;
-               case FROM_PID:
-                  if (!read_from_pid_write_to_gdb(from_pid))
-                     shutting_down = True;
-                  break;
+            case FROM_PID:
+               if (!read_from_pid_write_to_gdb(from_pid))
+                  shutting_down = True;
+               break;
             default: XERROR(0, "unexpected POLLIN on %s\n",
                                ppConnectionKind(ck));
             }
@@ -1874,7 +1874,7 @@ void standalone_send_commands(int pid,
    unsigned char hex[3];
    unsigned char cksum;
    unsigned char *hexcommand;
-   unsigned char buf[PBUFSIZ];
+   unsigned char buf[PBUFSIZ+1]; // +1 for trailing \0
    int buflen;
    int nc;