This is an automated email from Gerrit.

"Ryan QIAN <[email protected]>" just uploaded a new patch set to 
Gerrit, which you can find at https://review.openocd.org/c/openocd/+/9117

-- gerrit

commit b6bb0661f91b4e86b40758896226cbe5dbe2ab55
Author: Ryan QIAN <[email protected]>
Date:   Wed Sep 10 12:23:26 2025 +0800

    gdb_server: Fix buffer size calculation for snprintf null terminator
    
    The buffer size check was using len + 4 but snprintf requires additional
    space for the null terminator. The snprintf call formats '#%02x' which
    needs 4 bytes total (1 for '#', 2 for checksum, 1 for null terminator).
    
    The original check of len + 4 was insufficient and could cause snprintf
    to truncate the checksum and replace the last character with '\0',
    leading to malformed GDB packets.
    
    Fix by changing the buffer size check from len + 4 to len + 5 to
    provide adequate space for snprintf's null terminator.
    
    Change-Id: Ibf8b3c3f5e4d5ac5be795b8e688e055453798afe
    Signed-off-by: Ryan QIAN <[email protected]>

diff --git a/src/server/gdb_server.c b/src/server/gdb_server.c
index 085058f4f3..ecef1bb45a 100644
--- a/src/server/gdb_server.c
+++ b/src/server/gdb_server.c
@@ -451,7 +451,7 @@ static int gdb_put_packet_inner(struct connection 
*connection,
 
                char local_buffer[1024];
                local_buffer[0] = '$';
-               if ((size_t)len + 4 <= sizeof(local_buffer)) {
+               if ((size_t)len + 5 <= sizeof(local_buffer)) {
                        /* performance gain on smaller packets by only a single 
call to gdb_write() */
                        memcpy(local_buffer + 1, buffer, len++);
                        len += snprintf(local_buffer + len, 
sizeof(local_buffer) - len, "#%02x", my_checksum);
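
Review bot: The 5 in the new condition `(size_t)len + 5 <= sizeof(local_buffer)` is a bare constant with no explanation next to it. Add a short comment that breaks it down: 1 for '$', len for the payload, 3 for "#xx", and 1 for the NUL that snprintf writes. The count also assumes "#%02x" emits exactly three characters, which holds only if my_checksum never exceeds 0xff, because the 02 is a minimum width and not a limit. Its declaration is not visible in this hunk, so confirm it is an 8-bit type or mask it at the call. Finally, `len += snprintf(...)` adds the would-be length even when the output was truncated, so checking that the return value is 3 would turn any future miscount into a visible failure instead of a malformed packet.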
