Currently, crash uses the system readline library to build the packages,
and the readline in the system has been upgraded from 8.0 to 8.1; the gdb has
an old version, which cannot play with the newer readline.
GDB calls rl_set_screen_size() in readline and may pass INT_MAX to
rl_set_screen_size(); however, rl_set_screen_size() internally
multiplies the number of rows and columns, which causes a signed integer
overflow.
To avoid this issue, let's reduce the "infinite" rows and columns before
calling the rl_set_screen_size().
Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
---
Changes since v1:
[1] add the fix (in gdb/utils.c) to the end of gdb-7.6.patch
crash.spec | 2 +
...t-overflow-in-the-rl_set_screen_size.patch | 60 +++++++++++++++++++
2 files changed, 62 insertions(+)
create mode 100644 gdb-prevent-overflow-in-the-rl_set_screen_size.patch
diff --git a/crash.spec b/crash.spec
index 8252b7baf7e6..7721e26eba79 100644
--- a/crash.spec
+++ b/crash.spec
@@ -34,6 +34,7 @@ Patch13:
0010-Fix-dev-d-option-on-Linux-5.11-rc1-and-later-kernels.patch
Patch14: 0011-Fix-kmem-v-option-on-Linux-5.11-rc1-and-later-kernel.patch
Patch15: 0012-mod-Show-the-base-address-of-module.patch
Patch16: 0013-xen-increase-__PHYSICAL_MASK_SHIFT_XEN-to-52.patch
+Patch17: gdb-prevent-overflow-in-the-rl_set_screen_size.patch
%description
The core analysis suite is a self-contained tool that can be used to
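Review bot: the new Patch17 entry breaks the numbered `00NN-` file-name convention that the neighbouring Patch13..Patch16 lines follow (0010-..., 0011-..., 0012-..., 0013-...); consider naming the file 0014-gdb-prevent-overflow-in-the-rl_set_screen_size.patch so the on-disk patch order matches the spec order, as it does for the existing entries.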
@@ -70,6 +71,7 @@ offered by Mission Critical Linux, or the LKCD kernel patch.
%patch14 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
%build
# This package has an internal copy of GDB which has broken configure code for
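Review bot: a one-line comment above `%patch17 -p1` (or next to the existing "internal copy of GDB" comment in %build) would help, because this patch edits gdb-7.6.patch rather than gdb itself and a reader of the spec has no other hint why a readline fix is applied to the crash tree. The `-p1` strip level is right for that: the new file diffs `a/gdb-7.6.patch` against `b/gdb-7.6.patch` at the top of the tree, and the change only takes effect when crash's build applies gdb-7.6.patch to the bundled gdb.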
diff --git a/gdb-prevent-overflow-in-the-rl_set_screen_size.patch
b/gdb-prevent-overflow-in-the-rl_set_screen_size.patch
new file mode 100644
index 000000000000..6fc2341d1625
--- /dev/null
+++ b/gdb-prevent-overflow-in-the-rl_set_screen_size.patch
@@ -0,0 +1,60 @@
+From 2f35469929ba91fd0404f1b09b32a299cac48ccf Mon Sep 17 00:00:00 2001
+From: Lianbo Jiang <lijiang(a)redhat.com>
+Date: Mon, 8 Mar 2021 13:59:21 +0800
+Subject: [PATCH] gdb: prevent overflow in the rl_set_screen_size()
+
+Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
+---
+ gdb-7.6.patch | 38 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 38 insertions(+)
+
+diff --git a/gdb-7.6.patch b/gdb-7.6.patch
+index f64b55fe547a..468ff2d02abc 100644
+--- a/gdb-7.6.patch
++++ b/gdb-7.6.patch
+@@ -2500,4 +2500,42 @@ diff -up gdb-7.6/opcodes/configure.orig gdb-7.6/opcodes/configure
+ +struct target_desc *tdesc_aarch64;
+ #include "features/aarch64.c"
+ #include "features/aarch64-without-fpu.c"
++
++--- gdb-7.6/gdb/utils.c.orig
+++++ gdb-7.6/gdb/utils.c
++@@ -1821,11 +1821,30 @@ set_screen_size (void)
++ int rows = lines_per_page;
++ int cols = chars_per_line;
++
++- if (rows <= 0)
++- rows = INT_MAX;
+++ /* If we get 0 or negative ROWS or COLS, treat as "infinite" size.
+++ A negative number can be seen here with the "set width/height"
+++ commands and either:
++
++- if (cols <= 0)
++- cols = INT_MAX;
+++ - the user specified "unlimited", which maps to UINT_MAX, or
+++ - the user specified some number between INT_MAX and UINT_MAX.
+++
+++ Cap "infinity" to approximately sqrt(INT_MAX) so that we don't
+++ overflow in rl_set_screen_size, which multiplies rows and columns
+++ to compute the number of characters on the screen. */
+++
+++ const int sqrt_int_max = INT_MAX >> (sizeof (int) * 8 / 2);
+++
+++ if (rows <= 0 || rows > sqrt_int_max)
+++ {
+++ rows = sqrt_int_max;
+++ lines_per_page = UINT_MAX;
+++ }
+++
+++ if (cols <= 0 || cols > sqrt_int_max)
+++ {
+++ cols = sqrt_int_max;
+++ chars_per_line = UINT_MAX;
+++ }
++
++ /* Update Readline's idea of the terminal size. */
++ rl_set_screen_size (rows, cols);
+
+--
+2.17.1
+
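Review bot: the embedded commit (`+From 2f35469929ba91fd0404f1b09b32a299cac48ccf`) has no body, only the Subject and Signed-off-by; the explanation from the cover e-mail (system readline moved from 8.0 to 8.1, gdb passing INT_MAX to rl_set_screen_size(), which multiplies rows by cols) belongs in that file, since it is what ships in the SRPM and in the crash tree's history. Second, the new branches do more than cap the locals: `lines_per_page = UINT_MAX;` and `chars_per_line = UINT_MAX;` overwrite the stored settings whenever rows or cols is 0, negative, or above sqrt_int_max, so a user value of 0 is normalized to UINT_MAX; the comment already says "unlimited" maps to UINT_MAX, so this looks intended, but it is worth stating in the commit message. Two minor points: the appended section uses bare `--- gdb-7.6/gdb/utils.c.orig` / `+++ gdb-7.6/gdb/utils.c` headers while the rest of gdb-7.6.patch carries a `diff -up ...` line (see the context line `diff -up gdb-7.6/opcodes/configure.orig gdb-7.6/opcodes/configure`); it applies either way, but matching the file's convention keeps it consistent. And `sizeof (int) * 8 / 2` hard-codes 8 bits per byte where CHAR_BIT from <limits.h> is the portable spelling.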
--
2.17.1
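The "cap infinity to sqrt(INT_MAX)" rule from the patch above, as an added example that is not part of Lianbo's patch nor of gdb's or crash's own code: the helpers below (`clamp_dimension`, `product_fits_int` and `clamped_product_fits` are names chosen here, and the sample requests are constructed) reproduce the capping arithmetic stand-alone and check, in wider arithmetic, that the pre-patch INT_MAX sentinel really overflows `rows * cols` while the clamped pair does not.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed example, not code from crash or gdb: the capping rule from the
   patch above, extracted into stand-alone helpers so the arithmetic can be
   checked on its own. */

/* Same expression as the patch, spelled with CHAR_BIT instead of 8.
   With a 32-bit int this is INT_MAX >> 16 == 32767, and 32767 * 32767
   is well below INT_MAX. */
static const int sqrt_int_max = INT_MAX >> (sizeof(int) * CHAR_BIT / 2);

/* One screen dimension as the patched set_screen_size() treats it:
   0 or negative means "unlimited"; an unlimited or oversized value is
   clamped so that rows * cols stays below INT_MAX. */
int clamp_dimension(int v)
{
    if (v <= 0 || v > sqrt_int_max)
        return sqrt_int_max;
    return v;
}

/* True when rows * cols can be computed in an int without overflow.
   The product is formed in long long, so the check itself cannot overflow
   (INT_MAX * INT_MAX is below 2^62). */
bool product_fits_int(int rows, int cols)
{
    long long p = (long long)rows * (long long)cols;
    return p >= INT_MIN && p <= INT_MAX;
}

/* Before/after comparison for one (rows, cols) request: true if the clamped
   pair is safe to hand to a function that multiplies rows by cols. */
bool clamped_product_fits(int rows, int cols)
{
    return product_fits_int(clamp_dimension(rows), clamp_dimension(cols));
}

int main(void)
{
    /* Constructed inputs: a normal terminal, "unlimited" (0), the pre-patch
       INT_MAX sentinel that triggered the overflow, and a negative height. */
    const int samples[][2] = { {24, 80}, {0, 0}, {INT_MAX, INT_MAX}, {-1, 200} };
    size_t n = sizeof(samples) / sizeof(samples[0]);

    printf("sqrt_int_max = %d\n", sqrt_int_max);
    for (size_t i = 0; i < n; i++) {
        int r = samples[i][0], c = samples[i][1];
        printf("request (%d, %d): raw product %s, clamped to (%d, %d) -> %s\n",
               r, c,
               product_fits_int(r, c) ? "fits" : "overflows",
               clamp_dimension(r), clamp_dimension(c),
               clamped_product_fits(r, c) ? "fits" : "overflows");
    }
    return 0;
}
```

The overflow check deliberately uses `long long` rather than the `int` multiplication the original readline path performs: a signed `int` overflow is undefined behaviour, so it cannot be detected after the fact, which is exactly why the fix clamps the inputs before the multiplication instead of checking the result.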