qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 01/20] gdbstub: Correct misparsing of vCont C/S requests

From: Peter Maydell
Subject: [PULL 01/20] gdbstub: Correct misparsing of vCont C/S requests
Date: Tue, 15 Dec 2020 14:12:18 +0000 
In the vCont packet, two of the command actions (C and S) take an
argument specifying the signal to be sent to the process/thread, which is
sent as an ASCII string of two hex digits which immediately follow the
'C' or 'S' character.

Our code for parsing this packet accidentally skipped the first of the
two bytes of the signal value, because it started parsing the hex string
at 'p + 1' when the preceding code had already moved past the 'C' or
'S' with "cur_action = *p++".

This meant that we would only do the right thing for signals below
10, and would misinterpret the rest.  For instance, when the debugger
wants to send the process a SIGPROF (27 on x86-64) we mangle this into
a SIGSEGV (11).

Remove the accidental double increment.

Fixes: https://bugs.launchpad.net/qemu/+bug/1773743
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20201121210342.10089-1-peter.maydell@linaro.org
---
 gdbstub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub.c b/gdbstub.c
index f19f98ab1ab..d99bc0bf2ea 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1243,7 +1243,7 @@ static int gdb_handle_vcont(const char *p)
         cur_action = *p++;
         if (cur_action == 'C' || cur_action == 'S') {
             cur_action = qemu_tolower(cur_action);
-            res = qemu_strtoul(p + 1, &p, 16, &tmp);
+            res = qemu_strtoul(p, &p, 16, &tmp);
             if (res) {
                 goto out;
             }
-- 
2.20.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]