[OpenOCD-devel] [PATCH]: 2adac8a Fix buffer overflow in versaloon interface

Sun, 10 Feb 2013 12:43:44 -0800 

This is an automated email from Gerrit.

Jörg Fischer ([email protected]) just uploaded a new patch set to Gerrit, which you 
can find at http://openocd.zylin.com/1136

-- gerrit

commit 2adac8aafc8ebac58a74d3e884b37b13521efb68
Author: Joerg Fischer <[email protected]>
Date:   Sun Feb 10 21:32:13 2013 +0100

    Fix buffer overflow in versaloon interface
    
    The USB buffer will need space for both TMS and TDI buffers.
    Each holds tap_buffer_size bytes maximum, so tap_buffer_size must be
    smaller than half of usb buf_size.
    
    Change-Id: Id8f39936a894cbd98deb89eec5a859aef1e2b783
    Signed-off-by: Joerg Fischer <[email protected]>

diff --git a/src/jtag/drivers/vsllink.c b/src/jtag/drivers/vsllink.c
index 1c0c3e1..0afe3f1 100644
--- a/src/jtag/drivers/vsllink.c
+++ b/src/jtag/drivers/vsllink.c
@@ -302,7 +302,7 @@ static int vsllink_init(void)
        }
 
        /* malloc buffer size for tap */
-       tap_buffer_size = versaloon_interface.usb_setting.buf_size - 32;
+       tap_buffer_size = versaloon_interface.usb_setting.buf_size / 2 - 32;
        vsllink_free_buffer();
        tdi_buffer = (uint8_t *)malloc(tap_buffer_size);
        tdo_buffer = (uint8_t *)malloc(tap_buffer_size);
@@ -672,12 +672,16 @@ static uint8_t usb_check_string(usb_dev_handle *usb, 
uint8_t stringidx,
        len = usb_get_string_simple(usb, stringidx, (char *)buff, buf_size);
        if ((len < 0) || (len != ((int)strlen((const char *)buff)))) {
                ret = 0;
+                if (len)
+                LOG_ERROR("Mismatch: %d: %s <> %s", stringidx, buff, string);
+                else LOG_ERROR("LEN == 0");
                goto free_and_return;
        }
 
        buff[len] = '\0';
        if ((string != NULL) && strcmp((const char *)buff, string)) {
                ret = 0;
+                LOG_ERROR("Mismatch: %s <> %s", buff, string);
                goto free_and_return;
        }
 
@@ -753,9 +757,10 @@ static struct vsllink *vsllink_usb_open(void)
                        versaloon_interface.usb_setting.pid,
                        versaloon_interface.usb_setting.interface,
                        0, NULL, 2, "Versaloon");
-       if (NULL == dev)
+       if (NULL == dev) {
+                LOG_ERROR("No Versaloon found!");
                return NULL;
-
+        }
        struct vsllink *result = malloc(sizeof(struct vsllink));
        result->usb_handle = dev;
        return result;

-- 

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
OpenOCD-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openocd-devel

Reply via email to