
Fixed a buffer overflow in gdbr_parse_processes_xml#5973

Merged
notxvilka merged 4 commits into rizinorg:dev from suleif0:suleif on Mar 3, 2026

Conversation

@suleif0 (Contributor) commented Feb 26, 2026

Your checklist for this pull request

  • I've read the guidelines for contributing to this repository.
  • I made sure to follow the project's coding style.
  • I've documented every RZ_API function and struct this PR changes.
  • I've added tests that prove my changes are effective (required for changes to RZ_API).
  • [ ] I've updated the Rizin book with the relevant information (if needed).
  • [ ] I've used AI tools to generate fully or partially these code changes and I'm sure the changes are not copyrighted by somebody else.

Detailed description

This fixes #5882. The issue was that the cmdline buffer size was too small for some of the data that gdbserver sends with the --multi flag. The fix was to simply increase the buffer size of cmdline.

Test plan

  • Start a gdb server: gdbserver --multi :4444
  • Connect rizin to the GDB server: rizin -d gdb://localhost:4444
  • List the processes: dp

Additionally, I made a test for this in test/db/archos/linux-x64/dbg_gdbserver

Closing issues

closes #5882
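As an added illustration of the bug class this PR fixes (not code from this PR or from rizin): a process command string whose length is controlled by the remote gdbserver is copied into a fixed-size cmdline buffer. The minimal parser for GDB's osdata `<column name="command">` element, the `CMDLINE_MAX` size and the sample items are assumptions constructed for this example; the copy refuses input that would not fit instead of writing past the buffer.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Fixed-size destination, like the cmdline buffer the PR enlarged.
 * Kept deliberately small here so the constructed long sample does not fit. */
#define CMDLINE_MAX 32

/* Locate the text of <column name="command">...</column> inside one <item>
 * of GDB's osdata "processes" XML (hypothetical minimal parser, not rizin's).
 * Returns the command length, or -1 if the column is absent or unterminated. */
static long find_command(const char *item, const char **start_out) {
    static const char tag[] = "<column name=\"command\">";
    const char *start = strstr(item, tag);
    if (!start) return -1;
    start += sizeof(tag) - 1;
    const char *end = strstr(start, "</column>");
    if (!end) return -1;
    *start_out = start;
    return (long)(end - start);
}

/* Copy the command into a CMDLINE_MAX buffer.
 * Returns 1 on success, 0 if it would not fit (out left empty), -1 if not found.
 * The remote side chooses the length, so the bound check is the actual fix. */
int copy_cmdline_bounded(const char *item, char out[CMDLINE_MAX]) {
    const char *src;
    long len = find_command(item, &src);
    out[0] = '\0';
    if (len < 0) return -1;
    if ((size_t)len >= CMDLINE_MAX) return 0; /* would overflow: refuse */
    memcpy(out, src, (size_t)len);
    out[len] = '\0';
    return 1;
}

/* Constructed sample items (not captured from a real gdbserver session). */
const char *SHORT_ITEM = "<item><column name=\"pid\">4242</column><column name=\"command\">/bin/sleep 60</column></item>";
const char *LONG_ITEM = "<item><column name=\"pid\">4243</column><column name=\"command\">/usr/bin/python3 /opt/app/very/long/path/to/worker.py --flag</column></item>";

int main(void) {
    char buf[CMDLINE_MAX];
    printf("short: rc=%d cmd=%s\n", copy_cmdline_bounded(SHORT_ITEM, buf), buf);
    printf("long:  rc=%d cmd=%s\n", copy_cmdline_bounded(LONG_ITEM, buf), buf);
    return 0;
}
```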

@suleif0 suleif0 requested a review from notxvilka February 27, 2026 05:10
codecov bot commented Feb 27, 2026

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 48.11%. Comparing base (5a2e57b) to head (f5c8547).
⚠️ Report is 1 commits behind head on dev.

Files with missing lines | Patch % | Lines
subprojects/rzgdb/src/gdbclient/xml.c | 0.00% | 0 Missing and 1 partial ⚠️

Files with missing lines | Coverage Δ
subprojects/rzgdb/src/gdbclient/xml.c | 42.13% <0.00%> (+42.13%) ⬆️

... and 27 files with indirect coverage changes


@suleif0 (Contributor, Author) commented Mar 1, 2026

@notxvilka Can you take a look again?

@notxvilka notxvilka self-assigned this Mar 3, 2026
@notxvilka notxvilka merged commit 5897f30 into rizinorg:dev Mar 3, 2026
46 of 47 checks passed
@suleif0 suleif0 deleted the suleif branch March 3, 2026 17:31


Development

Successfully merging this pull request may close these issues.

Segmentation fault when listing remote processes
