Code Review / openocd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 0b88295)
bugfix: stack corruption loading IHex images
authorFranck HÉRÉSON <franck.hereson@secad.fr>
Wed, 28 Oct 2009 17:24:55 +0000 (10:24 -0700)
committerDavid Brownell <dbrownell@users.sourceforge.net>
Wed, 28 Oct 2009 17:24:55 +0000 (10:24 -0700)
The Hex parser uses a fixed number of sections.  When the
number of sections in the file is greater than that, the
stack get corrupted and a CHECKSUM ERROR is detected
which is very confusing.

This checks the number of sections read, and increases
IMAGE_MAX_SECTIONS so it works on my file.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
src/target/image.c patch | blob | history
src/target/image.h patch | blob | history

diff --git a/src/target/image.c b/src/target/image.c
index d51e8743b23ba5f6c5b11c6972ae6bad9083800c..b9e641b331217bbc41a4d35f5af1f0c9d319bd58 100644 (file)
--- a/src/target/image.c
+++ b/src/target/image.c
@@ -8,6 +8,9 @@
  *   Copyright (C) 2008 by Spencer Oliver                                  *
  *   spen@spen-soft.co.uk                                                  *
  *                                                                         *
+ *   Copyright (C) 2009 by Franck Hereson                                  *
+ *   franck.hereson@secad.fr                                               *
+ *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
  *   it under the terms of the GNU General Public License as published by  *
  *   the Free Software Foundation; either version 2 of the License, or     *
@@ -196,6 +199,12 @@ static int image_ihex_buffer_complete(image_t *image)
                                if (section[image->num_sections].size != 0)
                                {
                                        image->num_sections++;
+                                       if (image->num_sections >= IMAGE_MAX_SECTIONS)
+                                       {
+                                               /* too many sections */
+                                               LOG_ERROR("Too many sections found in IHEX file");
+                                               return ERROR_IMAGE_FORMAT_ERROR;
+                                       }
                                        section[image->num_sections].size = 0x0;
                                        section[image->num_sections].flags = 0;
                                        section[image->num_sections].private = &ihex->buffer[cooked_bytes];
@@ -252,6 +261,12 @@ static int image_ihex_buffer_complete(image_t *image)
                                if (section[image->num_sections].size != 0)
                                {
                                        image->num_sections++;
+                                       if (image->num_sections >= IMAGE_MAX_SECTIONS)
+                                       {
+                                               /* too many sections */
+                                               LOG_ERROR("Too many sections found in IHEX file");
+                                               return ERROR_IMAGE_FORMAT_ERROR;
+                                       }
                                        section[image->num_sections].size = 0x0;
                                        section[image->num_sections].flags = 0;
                                        section[image->num_sections].private = &ihex->buffer[cooked_bytes];
@@ -292,6 +307,12 @@ static int image_ihex_buffer_complete(image_t *image)
                                if (section[image->num_sections].size != 0)
                                {
                                        image->num_sections++;
+                                       if (image->num_sections >= IMAGE_MAX_SECTIONS)
+                                       {
+                                               /* too many sections */
+                                               LOG_ERROR("Too many sections found in IHEX file");
+                                               return ERROR_IMAGE_FORMAT_ERROR;
+                                       }
                                        section[image->num_sections].size = 0x0;
                                        section[image->num_sections].flags = 0;
                                        section[image->num_sections].private = &ihex->buffer[cooked_bytes];
diff --git a/src/target/image.h b/src/target/image.h
index d90b544a449929b8dd3a52d9d8ad4ff6dc68e209..551524e306292aaafba5a0e7a97fec6d988c2e1e 100644 (file)
--- a/src/target/image.h
+++ b/src/target/image.h
@@ -33,7 +33,7 @@
 #endif
 
 #define IMAGE_MAX_ERROR_STRING         (256)
-#define IMAGE_MAX_SECTIONS                     (128)
+#define IMAGE_MAX_SECTIONS                     (512)
 
 #define IMAGE_MEMORY_CACHE_SIZE                (2048)
 
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)