Improve File I/O overflow detection in gdbserver (PR server/23198)

[deliverable/binutils-gdb.git] / gdb / gdbserver / hostio.c

diff --git a/gdb/gdbserver/hostio.c b/gdb/gdbserver/hostio.c
index a631d9e771c04d8be23d4fa8b5f685edd0618e7d..c621edfef56d514daa4f059c851fe2348f9a1989 100644 (file)
--- a/gdb/gdbserver/hostio.c
+++ b/gdb/gdbserver/hostio.c
@@ -1,5 +1,5 @@
 /* Host file transfer support for gdbserver.
-   Copyright (C) 2007-2015 Free Software Foundation, Inc.
+   Copyright (C) 2007-2018 Free Software Foundation, Inc.
 
    Contributed by CodeSourcery.
 
@@ -96,22 +96,27 @@ static int
 require_int (char **pp, int *value)
 {
   char *p;
-  int count;
+  int count, firstdigit;
 
   p = *pp;
   *value = 0;
   count = 0;
+  firstdigit = -1;
 
   while (*p && *p != ',')
     {
       int nib;
 
-      /* Don't allow overflow.  */
-      if (count >= 7)
+      if (safe_fromhex (p[0], &nib))
        return -1;
 
-      if (safe_fromhex (p[0], &nib))
+      if (firstdigit == -1)
+       firstdigit = nib;
+
+      /* Don't allow overflow.  */
+      if (count >= 8 || (count == 7 && firstdigit >= 0x8))
        return -1;
+
       *value = *value * 16 + nib;
       p++;
       count++;
@@ -126,7 +131,7 @@ require_data (char *p, int p_len, char **data, int *data_len)
 {
   int input_index, output_index, escaped;
 
-  *data = xmalloc (p_len);
+  *data = (char *) xmalloc (p_len);
 
   output_index = 0;
   escaped = 0;
@@ -371,7 +376,7 @@ handle_pread (char *own_buf, int *new_packet_len)
   if (len > max_reply_size)
     len = max_reply_size;
 
-  data = xmalloc (len);
+  data = (char *) xmalloc (len);
 #ifdef HAVE_PREAD
   ret = pread (fd, data, len, offset);
 #else