[PULL 01/20] gdbstub: Correct misparsing of vCont C/S requests
From: Peter Maydell
Subject: [PULL 01/20] gdbstub: Correct misparsing of vCont C/S requests
Date: Tue, 15 Dec 2020 14:12:18 +0000
In the vCont packet, two of the command actions (C and S) take an
argument specifying the signal to be sent to the process/thread, which is
sent as an ASCII string of two hex digits which immediately follow the
'C' or 'S' character.
Our code for parsing this packet accidentally skipped the first of the
two bytes of the signal value, because it started parsing the hex string
at 'p + 1' when the preceding code had already moved past the 'C' or
'S' with "cur_action = *p++".
This meant that we would only do the right thing for signals below
10, and would misinterpret the rest. For instance, when the debugger
wants to send the process a SIGPROF (27 on x86-64) we mangle this into
a SIGSEGV (11).
Remove the accidental double increment.
Fixes: https://bugs.launchpad.net/qemu/+bug/1773743
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20201121210342.10089-1-peter.maydell@linaro.org
---
gdbstub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gdbstub.c b/gdbstub.c
index f19f98ab1ab..d99bc0bf2ea 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1243,7 +1243,7 @@ static int gdb_handle_vcont(const char *p)
cur_action = *p++;
if (cur_action == 'C' || cur_action == 'S') {
cur_action = qemu_tolower(cur_action);
- res = qemu_strtoul(p + 1, &p, 16, &tmp);
+ res = qemu_strtoul(p, &p, 16, &tmp);
if (res) {
goto out;
}
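Review bot: `res = qemu_strtoul(p, &p, 16, &tmp);` still places no bound on the digit count or the resulting value, even though the commit message states the signal is sent as exactly two hex digits: the trailing `if (res) { goto out; }` only rejects a failed conversion, so a packet carrying more than two hex digits, or a value larger than any valid signal number, passes this check unchanged. Consider rejecting `tmp` values outside the expected signal range at this point (or adding a comment noting where that range is validated by the code that consumes `tmp`), so a malformed vCont action from the debugger is refused here rather than propagated as a signal number.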
--
2.20.1