{
  "commit": "9d3cf9efd51ebae3f45bb49e3544cb7eeb63a138",
  "tree": "215ea205f892a0444b51671e4c04a3ef9de73cf4",
  "parents": [
    "e16bdea6719df4db518ddbeafd2281fb74ed5ca5"
  ],
  "author": {
    "name": "Paul Eggert",
    "email": "eggert@cs.ucla.edu",
    "time": "Sun Mar 22 14:08:47 2026 -0700"
  },
  "committer": {
    "name": "Andrew Burgess",
    "email": "aburgess@redhat.com",
    "time": "Thu Apr 02 13:36:35 2026 +0100"
  },
  "message": "gdbserver: fix unlikely getpkt buffer overflow\n\nThis problem was reported by Manish Sharma.\n\nWithin gdbserver, in getpkt, there is no bounds checking as we parse\nthe incoming packet.  An unexpectedly large packet can therefore\noverflow the allocated buffer.  Fixed by adding bounds checking.\n\nIf a packet is too long then in ACK mode we send out the NAK, but then\nimmediately return -1 as the result from getpkt.  Currently the only\nthing that GDB can do when it sees a \u0027-\u0027 (NAK) is resend the packet.\nIf the original packet was too long then the resent packet will also\nbe too long.  gdbserver would then be stuck re-reading the incoming\ntoo long packet.  Now GDB does give up after 3 retries, but this means\ngdbserver is relying on GDB to give up sending, when in reality,\ngdbserver knows it\u0027s not going to be able to recover.  So I propose\nthat gdbserver should just give up once it sees a packet that is too\nlong.\n\nWhile looking at the error handling in this case I noticed that in the\nnoack_mode case, if we get a packet with a bad checksum, or a packet\nthat is too long, getpkt will return success and gdbserver will try to\ninterpret whatever it has.  This seems like a bad idea.  So I\u0027ve\nupdated this code path to also return an error.\n\nThen there are a couple of places where we had a comment like this:\n\n  /* FIXME:  Eventually add buffer overflow checking (to getpkt?)  */\n\nNow that getpkt does have buffer overflow checking, I\u0027ve removed these\ncomments.\n\nApproved-By: Andrew Burgess \u003caburgess@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "34801d0b76fec7967a9d40ebe0e5e9df7c3e2635",
      "old_mode": 33188,
      "old_path": "gdbserver/remote-utils.cc",
      "new_id": "d7049baf0830eb72dc6ea7ad703d28f0919b8896",
      "new_mode": 33188,
      "new_path": "gdbserver/remote-utils.cc"
    }
  ]
}
