From: Tankut Baris Aktemur
Date: Mon, 11 May 2026 11:57:45 +0000 (-0500)
Subject: gdb/amd-dbgapi-target: assert register size in fetch/store_registers
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=465b301cee98445d2d03a9687ab1f39e4fd80017;p=thirdparty%2Fbinutils-gdb.git
gdb/amd-dbgapi-target: assert register size in fetch/store_registers
Assert that register size is not larger than the max register size as a safety measure against buffer overflow.
Approved-by: Lancelot Six
---
diff --git a/gdb/amd-dbgapi-target.c b/gdb/amd-dbgapi-target.c
index b7d5ee7de9f..421ec8599ed 100644
--- a/gdb/amd-dbgapi-target.c
+++ b/gdb/amd-dbgapi-target.c
@@ -1968,10 +1968,12 @@ amd_dbgapi_target::fetch_registers (struct regcache *regcache, int regno)
 amdgpu_gdbarch_tdep *tdep = get_amdgpu_gdbarch_tdep (gdbarch);
 amd_dbgapi_wave_id_t wave_id = get_amd_dbgapi_wave_id (regcache->ptid ());
 gdb_byte raw[AMDGPU_MAX_REGISTER_SIZE];
+ ULONGEST reg_size = register_type (gdbarch, regno)->length ();
+ gdb_assert (reg_size <= AMDGPU_MAX_REGISTER_SIZE);
+
 amd_dbgapi_status_t status
 = amd_dbgapi_read_register (wave_id, tdep->register_ids[regno], 0,
- register_type (gdbarch, regno)->length (),
- raw);
+ reg_size, raw);
 if (status == AMD_DBGAPI_STATUS_SUCCESS)
 regcache->raw_supply (regno, raw);
@@ -1994,6 +1996,8 @@ amd_dbgapi_target::store_registers (struct regcache *regcache, int regno)
 gdb_assert (is_amdgpu_arch (gdbarch));
 gdb_byte raw[AMDGPU_MAX_REGISTER_SIZE];
+ ULONGEST reg_size = register_type (gdbarch, regno)->length ();
+ gdb_assert (reg_size <= AMDGPU_MAX_REGISTER_SIZE);
 regcache->raw_collect (regno, &raw);
 amdgpu_gdbarch_tdep *tdep = get_amdgpu_gdbarch_tdep (gdbarch);
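Review bot: An oversized register type would surface as an internal GDB error at the first register access, because the new `gdb_assert (reg_size <= AMDGPU_MAX_REGISTER_SIZE);` in fetch_registers, and the identical one added to store_registers in the next hunk, checks the size only at the point of use. If the register types can be shaped by what the debug API library reports for a device (the code that builds them is outside these hunks, so this is an assumption to confirm), a size check where the types are created, or `error (_("Register %d is too large for the transfer buffer."), regno);` here, would fail the operation without aborting the session. Whichever form is kept, a short comment above the check such as `/* raw[] must be able to hold the whole register.  */` would tie it to the buffer it protects. Both function bodies begin and end outside the hunks.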
@@ -2018,8 +2022,7 @@ amd_dbgapi_target::store_registers (struct regcache *regcache, int regno)
 amd_dbgapi_wave_id_t wave_id = get_amd_dbgapi_wave_id (regcache->ptid ());
 amd_dbgapi_status_t status
 = amd_dbgapi_write_register (wave_id, tdep->register_ids[regno], 0,
- register_type (gdbarch, regno)->length (),
- raw);
+ reg_size, raw);
 if (status != AMD_DBGAPI_STATUS_SUCCESS)
 warning (_("Couldn't write register %s (#%d)."),