GDB output parsing security
nakst opened this issue · 1 comment
nakst commented
When debugging untrusted executables running on a remote target, it may be possible for the executable to send malicious output that causes gf to behave unexpectedly in its parsing code. The parsing code needs to be checked/fuzzed/etc.
(When I was writing the GDB output parsing code, this was not a concern because I was only expecting to use it to debug trusted executables. But now that gf has grown in popularity this needs to be addressed.)
nakst commented
EvaluateCommand
- DebuggerGetStack
- DebuggerGetBreakpoints
- TabCompleterRun
- gf-get-pwd
- DisplaySetPosition
- DisassemblyLoad
- DisassemblyUpdateLine
- SourceWindowUpdate -> autoPrintExpression
- WatchChangeLoggerCreate
- CommandWatchViewSourceAtAddress
- RegistersWindowUpdate
- ThreadWindowUpdate
- ExecutableWindowStartOrRun
WatchEvaluate
- WatchHasFields
- WatchAddFields
- WatchAddExpression
- WatchGetAddress
- CommandWatchAddEntryForAddress
- CommandWatchSaveAsRecurse
- WatchWindowMessage -> UI_MSG_PAINT
- WatchWindowUpdate
EvaluateExpression
- InspectCurrentLine
- BitmapViewerGetBits
- WatchLoggerUpdate
Update callback
- SourceWindowUpdate
- WatchLoggerUpdate
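
Added example, not part of the issue and not gf's code: a bounds-checked C parser for one GDB backtrace line, showing the kind of validation the parsing paths listed above would need when symbol names and argument values are controlled by the debuggee. `Frame`, `CopyBounded`, `ParseFrameLine`, the buffer sizes and the frame-number limit are hypothetical, and the line shape in the comment is the assumed input.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

// Hypothetical record for one backtrace frame; the field sizes are assumptions.
typedef struct {
    int id;
    uint64_t address;   // 0 when the line carries no address
    char function[64];  // truncated if the symbol name is longer
    char location[128]; // "file:line", empty if absent
} Frame;

// Copy [start, end) into dst, truncating to cap - 1 bytes and always NUL-terminating.
static void CopyBounded(char *dst, size_t cap, const char *start, const char *end) {
    size_t n = (size_t)(end - start);
    if (n >= cap) n = cap - 1;
    memcpy(dst, start, n);
    dst[n] = 0;
}

// Parse one line shaped like "#1  0x0000555555555131 in main () at a.c:7".
// Anything that does not match is rejected rather than guessed at.
bool ParseFrameLine(const char *line, Frame *out) {
    memset(out, 0, sizeof *out);
    if (line[0] != '#' || !isdigit((unsigned char)line[1])) return false;
    char *end;
    long id = strtol(line + 1, &end, 10);
    if (id > 10000) return false; // also catches overflow (LONG_MAX)
    out->id = (int)id;
    const char *p = end;
    while (*p == ' ') p++;
    if (p[0] == '0' && p[1] == 'x') { // optional "0xADDR in " prefix
        errno = 0;
        unsigned long long a = strtoull(p, &end, 16);
        if (errno || strncmp(end, " in ", 4) != 0) return false;
        out->address = a;
        p = end + 4;
    }
    const char *nameEnd = strchr(p, ' ');
    if (!nameEnd || nameEnd == p) return false;
    CopyBounded(out->function, sizeof out->function, p, nameEnd);
    // Argument values come from the debuggee and may contain " at ", so use the last one.
    const char *at = NULL;
    for (const char *q = nameEnd; (q = strstr(q, " at ")) != NULL; q++) at = q;
    if (at) CopyBounded(out->location, sizeof out->location, at + 4, at + strlen(at));
    return true;
}
```

A function of this shape takes a NUL-terminated line and returns a flag, so it can be driven directly by a fuzzer with sanitizers enabled.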