From 874f0157eb01f8486b8e739244b4429a92a8182e Mon Sep 17 00:00:00 2001
From: Paul Fertser
Date: Wed, 12 Aug 2015 01:03:02 +0300
Subject: [PATCH] svf: fix segfaults exposed by some SVF
The problem was reported by jstefanop on IRC, the SVF was generated with Xilinx ISE 14.7. Found and investigated with Valgrind's vgdb service.
Change-Id: I32b0e77e0380ce4a391661f97449f9c2a5f83625
Signed-off-by: Paul Fertser
Reviewed-on: http://openocd.zylin.com/2933
Tested-by: jenkins
---
 src/svf/svf.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/svf/svf.c b/src/svf/svf.c
index 15198d9b14..a90ccd1543 100644
--- a/src/svf/svf.c
+++ b/src/svf/svf.c
@@ -259,7 +259,7 @@ static void svf_hexbuf_print(int dbg_lvl, const char *file, unsigned line,
 int msbits = bit_len % 8;
 /* allocate 2 bytes per hex digit */
- char *prbuf = malloc((byte_len * 2) + 1);
+ char *prbuf = malloc((byte_len * 2) + 2 + 1);
 if (!prbuf)
 return;
@@ -1034,6 +1034,19 @@ XXR_common:
 }
 i_tmp = xxr_para_tmp->len;
 xxr_para_tmp->len = atoi(argus[1]);
+ /* If we are to enlarge the buffers, all parts of xxr_para_tmp
+ * need to be freed */
+ if (i_tmp < xxr_para_tmp->len) {
+ free(xxr_para_tmp->tdi);
+ xxr_para_tmp->tdi = NULL;
+ free(xxr_para_tmp->tdo);
+ xxr_para_tmp->tdo = NULL;
+ free(xxr_para_tmp->mask);
+ xxr_para_tmp->mask = NULL;
+ free(xxr_para_tmp->smask);
+ xxr_para_tmp->smask = NULL;
+ }
+
 LOG_DEBUG("\tlength = %d", xxr_para_tmp->len);
 xxr_para_tmp->data_mask = 0;
 for (i = 2; i < num_of_argu; i += 2) {
--
2.30.2
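Review bot: The `+ 2` added to the `prbuf` allocation in `svf_hexbuf_print` is not explained, and the comment directly above it (`/* allocate 2 bytes per hex digit */`) still describes the old size. The code that writes into `prbuf` lies outside the hunk, so the two extra bytes are presumably for a fixed prefix emitted there; a comment at the allocation such as `/* 2 hex digits per byte, plus 2 for the prefix and 1 for the NUL (confirm against the formatting code below) */` would record that. Because the size and the writes are maintained in separate places, keeping the computed size in a local and formatting with `snprintf` against it would make a future mismatch truncate the debug output instead of overrunning the heap buffer.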
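Review bot: The new `if (i_tmp < xxr_para_tmp->len)` test trusts a length that the line just above takes from the SVF file with `atoi(argus[1])`, which reports no error and accepts negative or non-numeric input. A negative or garbage length skips the free branch and is then carried into whatever sizing code follows the hunk, so the value should be parsed with `strtol` (checking the end pointer and `errno`) and rejected when it is negative or out of range before the comparison runs. The branch also leaves `tdi`, `tdo`, `mask` and `smask` set to NULL, so every later use in this `XXR_common` block has to reallocate or check them; that code is outside the hunk and is worth confirming for a command that grows the length but omits one of those parameters.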