rtos/riot: fix out-of-bounds writes when target is corrupted 81/6381/5
author Sebastiaan de Schaetzen <sebastiaan.de.schaetzen@gmail.com>
Tue, 27 Jul 2021 13:06:57 +0000 (15:06 +0200)
committer Antonio Borneo <borneo.antonio@gmail.com>
Sun, 22 Aug 2021 20:21:47 +0000 (20:21 +0000)
This protects against out-of-bounds writes when the memory
of RIOT's scheduler is corrupted.
This memory can be corrupted because of:
 - Programming errors
 - The scheduler not yet having been initialised
 - An incorrect symbol file being used during debugging.

This error can result in OpenOCD segfaulting. Valgrind was
used to find the approximate location of the error.

Change-Id: I60e7d7c245b8c4e38f4c98cb0c0347a9b5ec3177
Signed-off-by: Sebastiaan de Schaetzen <sebastiaan.de.schaetzen@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/6381
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
src/rtos/riot.c

index 1d53da2b02fd3dbbb4f6ee6bd64c9361ec6d21d1..8a3874202f33ce10329258e57a219574a74c7c12 100644 (file)
@@ -118,7 +118,7 @@ const struct rtos_type riot_rtos = {
 static int riot_update_threads(struct rtos *rtos)
 {
        int retval;
-       unsigned int tasks_found = 0;
+       int tasks_found = 0;
        const struct riot_params *param;
 
        if (!rtos)
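Review bot: the switch of `tasks_found` from `unsigned int` to `int` in the declarations at the top of `riot_update_threads()` is not explained in the commit message. If the reason is to compare it with `rtos->thread_count` without a signed/unsigned mismatch, say so in the message or in a short comment. The loop index `i` further down is still `unsigned int`, so the function now mixes both signednesses for related counters.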
@@ -170,7 +170,6 @@ static int riot_update_threads(struct rtos *rtos)
                        riot_symbol_list[RIOT_NUM_THREADS].name);
                return retval;
        }
-       rtos->thread_count = thread_count;
 
        /* read the maximum number of threads */
        uint8_t max_threads = 0;
@@ -182,6 +181,11 @@ static int riot_update_threads(struct rtos *rtos)
                        riot_symbol_list[RIOT_MAX_THREADS].name);
                return retval;
        }
+       if (thread_count > max_threads) {
+               LOG_ERROR("Thread count is invalid");
+               return ERROR_FAIL;
+       }
+       rtos->thread_count = thread_count;
 
        /* Base address of thread array */
        uint32_t threads_base = rtos->symbols[RIOT_THREADS_BASE].address;
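Review bot: the new `LOG_ERROR("Thread count is invalid");` ahead of `return ERROR_FAIL;` reports no values, so a user cannot tell from the log which of the causes listed in the commit message (programming error, uninitialised scheduler, wrong symbol file) is likely. Consider printing both numbers, for example `LOG_ERROR("RIOT: thread count %d exceeds maximum %u", thread_count, max_threads);`, with the format specifier adjusted to the declared type of `thread_count`, which is not visible in this hunk. Note also that `max_threads` is read from the same possibly corrupted target memory, so the check bounds `thread_count` only relative to that value; being a `uint8_t`, it cannot exceed 255.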
@@ -211,6 +215,9 @@ static int riot_update_threads(struct rtos *rtos)
        char buffer[32];
 
        for (unsigned int i = 0; i < max_threads; i++) {
+               if (tasks_found == rtos->thread_count)
+                       break;
+
                /* get pointer to tcb_t */
                uint32_t tcb_pointer = 0;
                retval = target_read_u32(rtos->target,
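Review bot: the guard `if (tasks_found == rtos->thread_count)` at the top of the loop only terminates if `tasks_found` advances by exactly one per iteration; `>=` would be the more defensive comparison and costs nothing now that `tasks_found` is signed. A one-line comment naming the buffer this guard protects would also help, since the allocation sized from `rtos->thread_count` is not visible near the loop.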
