Currently, crash is built against the system readline library, and the
system readline has been upgraded from 8.0 to 8.1; the bundled gdb is an
old version which cannot work with the newer readline.
GDB calls rl_set_screen_size() in readline and may pass the INT_MAX to
the rl_set_screen_size(), however, the rl_set_screen_size() internally
multiplies the number of rows and columns, which causes a signed integer
overflow.
To avoid this issue, let's reduce the "infinite" rows and columns before
calling the rl_set_screen_size().
Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
---
...t-overflow-in-the-rl_set_screen_size.patch | 88 +++++++++++++++++++
crash.spec | 2 +
2 files changed, 90 insertions(+)
create mode 100644 0001-gdb-prevent-overflow-in-the-rl_set_screen_size.patch
diff --git a/0001-gdb-prevent-overflow-in-the-rl_set_screen_size.patch
b/0001-gdb-prevent-overflow-in-the-rl_set_screen_size.patch
new file mode 100644
index 000000000000..9ef48e033283
--- /dev/null
+++ b/0001-gdb-prevent-overflow-in-the-rl_set_screen_size.patch
@@ -0,0 +1,88 @@
+From f95d172b14e5b8ee6032b57f7535d2ffe2ee0135 Mon Sep 17 00:00:00 2001
+From: Lianbo Jiang <lijiang(a)redhat.com>
+Date: Wed, 3 Mar 2021 22:43:49 +0800
+Subject: [PATCH] gdb: prevent overflow in the rl_set_screen_size()
+
+Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
+---
+ Makefile | 3 +++
+ configure.c | 2 +-
+ gdb-7.6-utils.patch | 39 +++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 43 insertions(+), 1 deletion(-)
+ create mode 100644 gdb-7.6-utils.patch
+
+diff --git a/Makefile b/Makefile
+index f72b3057d3e3..f3dfedc4c507 100644
+--- a/Makefile
++++ b/Makefile
+@@ -277,6 +277,9 @@ gdb_patch:
+ patch -p0 < ${GDB}-proc_service.h.patch; \
+ fi; \
+ fi
++ if [ -f ${GDB}-utils.patch ] && [ -s ${GDB}-utils.patch ]; then \
++ patch -p1 < ${GDB}-utils.patch; \
++ fi
+
+ library: make_build_data ${OBJECT_FILES}
+ ar -rs ${PROGRAM}lib.a ${OBJECT_FILES}
+diff --git a/configure.c b/configure.c
+index 7f6d19e0b87e..9d2610816c39 100644
+--- a/configure.c
++++ b/configure.c
+@@ -240,7 +240,7 @@ struct supported_gdb_version {
+ "7.6",
+ "GDB_FILES=${GDB_7.6_FILES}",
+ "GDB_OFILES=${GDB_7.6_OFILES}",
+- "GDB_PATCH_FILES=gdb-7.6.patch gdb-7.6-ppc64le-support.patch
gdb-7.6-proc_service.h.patch",
++ "GDB_PATCH_FILES=gdb-7.6.patch gdb-7.6-ppc64le-support.patch
gdb-7.6-proc_service.h.patch gdb-7.6-utils.patch",
+ "GDB_FLAGS=-DGDB_7_6",
+ "GPLv3"
+ },
+diff --git a/gdb-7.6-utils.patch b/gdb-7.6-utils.patch
+new file mode 100644
+index 000000000000..1f6830dc333e
+--- /dev/null
++++ b/gdb-7.6-utils.patch
+@@ -0,0 +1,39 @@
++diff --git a/gdb-7.6/gdb/utils.c b/gdb-7.6/gdb/utils.c
++index 1fdc8776902f..2579a0aed884 100644
++--- a/gdb-7.6/gdb/utils.c
+++++ b/gdb-7.6/gdb/utils.c
++@@ -1821,11 +1821,30 @@ set_screen_size (void)
++ int rows = lines_per_page;
++ int cols = chars_per_line;
++
++- if (rows <= 0)
++- rows = INT_MAX;
+++ /* If we get 0 or negative ROWS or COLS, treat as "infinite" size.
+++ A negative number can be seen here with the "set width/height"
+++ commands and either:
++
++- if (cols <= 0)
++- cols = INT_MAX;
+++ - the user specified "unlimited", which maps to UINT_MAX, or
+++ - the user specified some number between INT_MAX and UINT_MAX.
+++
+++ Cap "infinity" to approximately sqrt(INT_MAX) so that we don't
+++ overflow in rl_set_screen_size, which multiplies rows and columns
+++ to compute the number of characters on the screen. */
+++
+++ const int sqrt_int_max = INT_MAX >> (sizeof (int) * 8 / 2);
+++
+++ if (rows <= 0 || rows > sqrt_int_max)
+++ {
+++ rows = sqrt_int_max;
+++ lines_per_page = UINT_MAX;
+++ }
+++
+++ if (cols <= 0 || cols > sqrt_int_max)
+++ {
+++ cols = sqrt_int_max;
+++ chars_per_line = UINT_MAX;
+++ }
++
++ /* Update Readline's idea of the terminal size. */
++ rl_set_screen_size (rows, cols);
+--
+2.17.1
+
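Review bot: The cap computation `const int sqrt_int_max = INT_MAX >> (sizeof (int) * 8 / 2);` in the nested gdb-7.6-utils.patch hard-codes 8 bits per byte; since INT_MAX already requires <limits.h>, `const int sqrt_int_max = INT_MAX >> (sizeof (int) * CHAR_BIT / 2);` expresses the same value without that assumption. The clamp itself is sound for a 32-bit int (32767 * 32767 stays below INT_MAX), but the assignments `lines_per_page = UINT_MAX;` and `chars_per_line = UINT_MAX;` presumably rely on those globals being unsigned in gdb 7.6, which is not visible here and is worth confirming, since on a signed int they would store -1 by implementation-defined conversion. The Makefile stanza applies the new patch with `-p1` while the neighbouring proc_service.h rule uses `-p0`; a one-line comment in the recipe such as `# gdb-7.6-utils.patch carries a/ b/ path prefixes, hence -p1` would spare the next reader the check. Both the set_screen_size body and the gdb_patch recipe continue outside the hunk.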
diff --git a/crash.spec b/crash.spec
index 8252b7baf7e6..48b882e9ec9a 100644
--- a/crash.spec
+++ b/crash.spec
@@ -34,6 +34,7 @@ Patch13:
0010-Fix-dev-d-option-on-Linux-5.11-rc1-and-later-kernels.patch
Patch14: 0011-Fix-kmem-v-option-on-Linux-5.11-rc1-and-later-kernel.patch
Patch15: 0012-mod-Show-the-base-address-of-module.patch
Patch16: 0013-xen-increase-__PHYSICAL_MASK_SHIFT_XEN-to-52.patch
+Patch17: 0001-gdb-prevent-overflow-in-the-rl_set_screen_size.patch
%description
The core analysis suite is a self-contained tool that can be used to
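Review bot: The new entry `Patch17: 0001-gdb-prevent-overflow-in-the-rl_set_screen_size.patch` breaks the file-name sequence the neighbouring entries follow (Patch14 is 0011-, Patch15 is 0012-, Patch16 is 0013-); the 0001 prefix looks like it was kept from git format-patch output, and renaming the file to `0014-gdb-prevent-overflow-in-the-rl_set_screen_size.patch` (together with its `create mode` path in this commit) would keep the numbering and avoid confusion with any existing 0001-* patch in the package. The `%patch17 -p1` line in the second hunk matches the `a/Makefile` style prefixes used inside the patch, so the strip level is correct as written.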
@@ -70,6 +71,7 @@ offered by Mission Critical Linux, or the LKCD kernel patch.
%patch14 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
%build
# This package has an internal copy of GDB which has broken configure code for
--
2.29.2