Changeset 32202 in vbox for trunk/src/VBox

Timestamp:

Sep 2, 2010 2:02:13 PM (14 years ago)

Author:

vboxsync

Message:

RTCoreDumper: fix potential crash with reading passed buffer.

File:

• trunk/src/VBox/Runtime/r3/solaris/coredumper-solaris.cpp (modified) (4 diffs)

trunk/src/VBox/Runtime/r3/solaris/coredumper-solaris.cpp

@@ -1092 +1092 @@
     NOREF(pVBoxCore);
 
+    CORELOG((CORELOG_NAME ":suspendThread %d\n", (lwpid_t)pThreadInfo->pr_lwpid));
+
     lwpsinfo_t *pThreadInfo = (lwpsinfo_t *)pvThreadInfo;
-    CORELOGRELSYS((CORELOG_NAME ":suspendThread %d\n", (lwpid_t)pThreadInfo->pr_lwpid));
     if ((lwpid_t)pThreadInfo->pr_lwpid != pVBoxCore->VBoxProc.hCurThread)
         _lwp_suspend(pThreadInfo->pr_lwpid);
@@ -1112 +1113 @@
     AssertPtrReturn(pvThreadInfo, VERR_INVALID_POINTER);
     NOREF(pVBoxCore);
+
+    CORELOG((CORELOG_NAME ":resumeThread %d\n", (lwpid_t)pThreadInfo->pr_lwpid));
 
     lwpsinfo_t *pThreadInfo = (lwpsinfo_t *)pvThreadInfo;
@@ -1372 +1375 @@
     ElfNoteHdr.achName[2] = 'R';
     ElfNoteHdr.achName[3] = 'E';
+
+    static const char s_achPad[3] = { 0, 0, 0 };
+    size_t cbAlign = RT_ALIGN_Z(cb, 4);
     ElfNoteHdr.Hdr.n_namesz = 5;
     ElfNoteHdr.Hdr.n_type = Type;
-    ElfNoteHdr.Hdr.n_descsz = RT_ALIGN_Z(cb, 4);
+    ElfNoteHdr.Hdr.n_descsz = cbAlign;
 
     /*
@@ -1381 +1387 @@
     rc = pVBoxCore->pfnWriter(pVBoxCore->hCoreFile, &ElfNoteHdr, sizeof(ElfNoteHdr));
     if (RT_SUCCESS(rc))
-       rc = pVBoxCore->pfnWriter(pVBoxCore->hCoreFile, pcv, ElfNoteHdr.Hdr.n_descsz);
+    {
+       rc = pVBoxCore->pfnWriter(pVBoxCore->hCoreFile, pcv, cb);
+       if (RT_SUCCESS(rc))
+       {
+           if (cbAlign > cb)
+               rc = pVBoxCore->pfnWriter(pVBoxCore->hCoreFile, s_achPad, cbAlign - cb);
+       }
+    }
 
     if (RT_FAILURE(rc))