From: xuguangxiao Date: Tue, 23 Oct 2018 07:43:11 +0000 (+0800) Subject: jtag/bitq: array boundary overflow X-Git-Tag: v0.11.0-rc1~956 X-Git-Url: https://review.openocd.org/gitweb?p=openocd.git;a=commitdiff_plain;h=8262e8a2c03efa5ddcb780da7174210b4c5da7ca;ds=sidebyside jtag/bitq: array boundary overflow The for loop inside bitq_path_move function is not correct, this will overflow the cmd->path array and produces an unpredictable result. Change-Id: I81e3bc9ee6d1dd948acd2fe4c667103ac22bb26f Signed-off-by: xuguangxiao Reviewed-on: http://openocd.zylin.com/4733 Tested-by: jenkins Reviewed-by: Tomas Vanek --- diff --git a/src/jtag/drivers/bitq.c b/src/jtag/drivers/bitq.c index 66285f7002..55dfe0aa44 100644 --- a/src/jtag/drivers/bitq.c +++ b/src/jtag/drivers/bitq.c @@ -123,7 +123,7 @@ static void bitq_path_move(struct pathmove_command *cmd) { int i; - for (i = 0; i <= cmd->num_states; i++) { + for (i = 0; i < cmd->num_states; i++) { if (tap_state_transition(tap_get_state(), false) == cmd->path[i]) bitq_io(0, 0, 0); else if (tap_state_transition(tap_get_state(), true) == cmd->path[i])
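Review bot: In the `for` header of `bitq_path_move`, the off-by-one fix looks right, but the commit message should say exactly what went wrong. With `i <= cmd->num_states`, the last iteration compared against `cmd->path[cmd->num_states]` in both `tap_state_transition(...) == cmd->path[i]` checks. Assuming `path` holds `num_states` entries, as the message implies, that is a read one element past the end of the array rather than a write. Saying so in the message would help anyone triaging or backporting this to judge the impact. Since the old bound only misbehaved on the final iteration, it is also worth checking whether the other JTAG drivers' path-move loops use the same `<=` pattern, and adding a test that drives a path of exactly `num_states` transitions so the boundary stays covered.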