From e10fb1e2a4bd36ea8b47eb2ddc85cccf53e05a47 Mon Sep 17 00:00:00 2001
From: Ryan QIAN
Date: Wed, 10 Sep 2025 12:23:26 +0800
Subject: [PATCH] gdb_server: Fix buffer size calculation for snprintf null terminator

The buffer size check was using len + 4 but snprintf requires additional space for the null terminator. The snprintf call formats '#%02x' which needs 4 bytes total (1 for '#', 2 for checksum, 1 for null terminator). The original check of len + 4 was insufficient and could cause snprintf to truncate the checksum and replace the last character with '\0', leading to malformed GDB packets. Fix by changing the buffer size check from len + 4 to len + 5 (1 for '$', 1 for '#', 2 for checksum, 1 for null terminator) to provide adequate space for snprintf's null terminator.

Change-Id: Ibf8b3c3f5e4d5ac5be795b8e688e055453798afe
Signed-off-by: Ryan QIAN
Reviewed-on: https://review.openocd.org/c/openocd/+/9117
Tested-by: jenkins
Reviewed-by: Tomas Vanek
---
 src/server/gdb_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server/gdb_server.c b/src/server/gdb_server.c
index e06412db5..356dd6ec4 100644
--- a/src/server/gdb_server.c
+++ b/src/server/gdb_server.c
@@ -474,7 +474,7 @@ static int gdb_put_packet_inner(struct connection *connection,
 char local_buffer[1024];
 local_buffer[0] = '$';
- if ((size_t)len + 4 <= sizeof(local_buffer)) {
+ if ((size_t)len + 5 <= sizeof(local_buffer)) {
 /* performance gain on smaller packets by only a single call to gdb_write() */
 memcpy(local_buffer + 1, buffer, len++);
 len += snprintf(local_buffer + len, sizeof(local_buffer) - len, "#%02x", my_checksum);
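Review bot: The new `len + 5` bound on the changed line is correct but opaque: it must cover the `len++` performed inside the `memcpy` call two lines below as well as the NUL that snprintf writes, and nothing in the code says so, so the next reader sees an unexplained magic number that the commit message alone justifies. A comment above the condition would carry that derivation into the source, e.g. `/* '$' + len payload bytes + '#' + 2 hex checksum digits + snprintf's NUL; the ++ in the memcpy below accounts for the '$' slot */`. It is also worth stating next to the `len +=` line that the NUL is deliberately not counted: snprintf returns 3 for "#%02x", so the subsequent gdb_write sends only the framed bytes, which is the intended wire format. The enclosing gdb_put_packet_inner begins and ends outside the hunk.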