Code Review / openocd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 33573cd) | patch
jtag/commands: fixed buffer overflow 26/8126/3
authorSydMontague <sydmontague@phoenix-staffel.de>
Fri, 2 Feb 2024 11:12:48 +0000 (12:12 +0100)
committerAntonio Borneo <borneo.antonio@gmail.com>
Sat, 24 Feb 2024 13:41:06 +0000 (13:41 +0000)
commit179169268ca1bbac092324f597fbea090d75355e
tree7c05b6f7cba6dbeb30a1eeb0c7a369c3c24ca93btree | snapshot
parent33573cda4aa5685b32c44a81b1f2d84a28d78810commit | diff
jtag/commands: fixed buffer overflow

When performing a command queue allocation larger than the default page
size of 1MiB any subsequent allocations will run into an integer under-
flow when checking for the remaining memory left in the current page.
Causing the function returning a pointer past the end of the buffer and
thus creating a buffer overflow.

This has been observed to cause some transfers to Efinix FPGAs to fail,
because another buffer can get corrupted in the process, causing its
respective free() to fail.

Change-Id: Ic5a0e1774e2dbd58f1a05127f14816c8251a7d9c
Signed-off-by: SydMontague <sydmontague@phoenix-staffel.de>
Reviewed-on: https://review.openocd.org/c/openocd/+/8126
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
Tested-by: jenkins
src/jtag/commands.c diff | blob | history
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)