This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



remote/2560: valid response packet can be treated as 'ENN' error packet


>Number:         2560
>Category:       remote
>Synopsis:       valid response packet can be treated as 'ENN' error packet
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 02 17:08:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     ARC International
>Release:        insight 6.8
>Organization:
>Environment:

>Description:
In file remote.c, the function remote_send is used to send a packet to the remote target and receive a response packet back to it.  It checks whether the response packet is an 'ENN' error response with the test

  if ((*buf)[0] == 'E')
    error (_("Remote failure reply: %s"), *buf);

This test is too weak: if the response packet contains valid data which happens to begin with an 'E' then it will be incorrectly treated as an error.

The correct test is performed in the function packet_check_result in this file:

      if (buf[0] == 'E'
          && isxdigit (buf[1]) && isxdigit (buf[2])
          && buf[3] == '\0')
        /* "Enn"  - definitely an error.  */
        return PACKET_ERROR;

In fact, this function should be used throughout this file to check all response packets; e.g. in the function remote_rcmd there is the code

      if (buf[0] == '\0')
        error (_("Target does not support this command."));
      if (buf[0] == 'O' && buf[1] != 'K')
        {
          remote_console_output (buf + 1); /* 'O' message from stub.  */
          continue;
        }
      if (strcmp (buf, "OK") == 0)
        break;
      if (strlen (buf) == 3 && buf[0] == 'E'
          && isdigit (buf[1]) && isdigit (buf[2]))
        {
          error (_("Protocol error with Rcmd"));
        }

where the tests essentially duplicate the code in packet_check_result (though strlen is a very inefficient means of checking that the 4th character in a buffer is a NUL!).
  
>How-To-Repeat:

>Fix:
Replace all checks on the response packet with calls to packet_check_result and check the result of this function call.
>Release-Note:
>Audit-Trail:
>Unformatted:
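
The three checks quoted in the report, run side by side over constructed reply payloads. This is an added example, not part of the original report and not GDB code; the function names, the enum and the sample replies are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not GDB's own definitions. */
enum reply_kind { REPLY_OK, REPLY_ERROR, REPLY_UNSUPPORTED };

/* Weak test quoted from remote_send: any leading 'E' counts as an error. */
static int weak_is_error(const char *buf)
{
    return buf[0] == 'E';
}

/* remote_rcmd's variant: decimal digits only, length found with strlen. */
static int rcmd_style_is_error(const char *buf)
{
    return strlen(buf) == 3 && buf[0] == 'E'
        && isdigit((unsigned char) buf[1]) && isdigit((unsigned char) buf[2]);
}

/* Strict test quoted from packet_check_result: 'E', two hex digits, NUL.
   Short-circuit evaluation keeps reads inside the string for "E" and "E0". */
static enum reply_kind strict_classify(const char *buf)
{
    if (buf[0] == '\0')
        return REPLY_UNSUPPORTED;   /* assumption: mirrors remote_rcmd's empty-reply check */
    if (buf[0] == 'E'
        && isxdigit((unsigned char) buf[1]) && isxdigit((unsigned char) buf[2])
        && buf[3] == '\0')
        return REPLY_ERROR;
    return REPLY_OK;
}

int main(void)
{
    /* Constructed reply payloads, not captured from a real target. */
    const char *replies[] = { "E01", "E0A", "E0FF1234", "E", "OK", "" };
    static const char *names[] = { "ok", "error", "unsupported" };

    printf("%-10s %-5s %-5s %s\n", "reply", "weak", "rcmd", "strict");
    for (size_t i = 0; i < sizeof replies / sizeof replies[0]; i++)
        printf("%-10s %-5d %-5d %s\n", replies[i],
               weak_is_error(replies[i]), rcmd_style_is_error(replies[i]),
               names[strict_classify(replies[i])]);
    return 0;
}
```

The constructed reply "E0FF1234" is flagged by the weak test but accepted as data by the strict one, and "E0A" shows that the isdigit-based check in remote_rcmd and the isxdigit-based check in packet_check_result disagree on hexadecimal error codes.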

