[lldb] Handle malformed qfThreadInfo reply

If the remote gdbserver's qfThreadInfo reply has a trailing comma, GDBRemoteCommunicationClient::GetCurrentProcessAndThreadIDs will return an empty vector of thread ids. This will cause lldb to recurse through three functions trying to get the list of threads, until it blows its stack and crashes. A trailing comma is a malformed response, but it shouldn't cause lldb to crash. This patch will return the tids received before the malformed response. Reviewed By: clayborg, labath Differential Revision: https://reviews.llvm.org/D109937
2021-09-16 18:40:09 -05:00 · 2021-09-16 18:40:09 -05:00 · 953ddded1a
parent d83ca624a1
commit 953ddded1a
2 changed files with 32 additions and 1 deletions
--- a/lldb/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationClient.cpp
+++ b/lldb/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationClient.cpp
@ -2908,8 +2908,12 @@ GDBRemoteCommunicationClient::GetCurrentProcessAndThreadIDs(
      if (ch == 'm') {
        do {
          auto pid_tid = response.GetPidTid(LLDB_INVALID_PROCESS_ID);
+          // If we get an invalid response, break out of the loop.
+          // If there are valid tids, they have been added to ids.
+          // If there are no valid tids, we'll fall through to the
+          // bare-iron target handling below.
          if (!pid_tid)
-            return {};
+            break;

          ids.push_back(pid_tid.getValue());
          ch = response.GetChar(); // Skip the command separator
--- a/lldb/test/API/functionalities/gdb_remote_client/TestThreadInfoTrailingComma.py
+++ b/lldb/test/API/functionalities/gdb_remote_client/TestThreadInfoTrailingComma.py
@ -0,0 +1,27 @@
+import lldb
+from lldbsuite.test.lldbtest import *
+from lldbsuite.test.decorators import *
+from gdbclientutils import *
+
+
+class TestThreadInfoTrailingComma(GDBRemoteTestBase):
+
+    def test(self):
+        class MyResponder(MockGDBServerResponder):
+            def haltReason(self):
+                return "T02thread:1"
+
+            def qfThreadInfo(self):
+                return "m1,2,3,4,"
+
+        self.server.responder = MyResponder()
+        target = self.dbg.CreateTarget('')
+        if self.TraceOn():
+          self.runCmd("log enable gdb-remote packets")
+          self.addTearDownHook(
+                lambda: self.runCmd("log disable gdb-remote packets"))
+        process = self.connect(target)
+        self.assertEqual(process.GetThreadAtIndex(0).GetThreadID(), 1)
+        self.assertEqual(process.GetThreadAtIndex(1).GetThreadID(), 2)
+        self.assertEqual(process.GetThreadAtIndex(2).GetThreadID(), 3)
+        self.assertEqual(process.GetThreadAtIndex(3).GetThreadID(), 4)