Code Review / openocd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 47b5829)
ft2232: fix possible read buffer overflow
authorMathias K <kesmtp@freenet.de>
Thu, 24 Feb 2011 12:00:59 +0000 (13:00 +0100)
committerØyvind Harboe <oyvind.harboe@zylin.com>
Thu, 24 Feb 2011 22:20:03 +0000 (23:20 +0100)
This patch fix a possible read buffer overflow in ft2232_execute_queue.
Also the correct read queue size for libftdi and libftd2xx was added and
and tested.
In function ft2232_write a uninitialized value was initialized because we
don't know if this value was set in the ftdi api call.

src/jtag/drivers/ft2232.c patch | blob | history

diff --git a/src/jtag/drivers/ft2232.c b/src/jtag/drivers/ft2232.c
index 9024f8e08e8e1f7877395eb63c41d756bd318c6b..a84d069c9c4108f15be057289078f679338ecf9f 100644 (file)
--- a/src/jtag/drivers/ft2232.c
+++ b/src/jtag/drivers/ft2232.c
@@ -373,6 +373,12 @@ static int             require_send;
        a comment would have been nice.
 */
 
+#if BUILD_FT2232_FTD2XX == 1
+#define FT2232_BUFFER_READ_QUEUE_SIZE  (64*64)
+#else
+#define FT2232_BUFFER_READ_QUEUE_SIZE  (64*4)
+#endif
+
 #define FT2232_BUFFER_SIZE 131072
 
 static uint8_t*             ft2232_buffer = NULL;
@@ -499,7 +505,7 @@ static int ft2232_write(uint8_t* buf, int size, uint32_t* bytes_written)
 {
 #if BUILD_FT2232_FTD2XX == 1
        FT_STATUS status;
-       DWORD dw_bytes_written;
+       DWORD dw_bytes_written = 0;
        if ((status = FT_Write(ftdih, buf, size, &dw_bytes_written)) != FT_OK)
        {
                *bytes_written = dw_bytes_written;
@@ -2081,12 +2087,20 @@ static int ft2232_execute_queue(void)
 
        while (cmd)
        {
+               /* fill the write buffer with the desired command */
                if (ft2232_execute_command(cmd) != ERROR_OK)
                        retval = ERROR_JTAG_QUEUE_FAILED;
-               /* Start reading input before FT2232 TX buffer fills up */
+               /* Start reading input before FT2232 TX buffer fills up.
+                * Sometimes this happens because we don't know the
+                * length of the last command before we execute it. So
+                * we simple inform the user.
+                */
                cmd = cmd->next;
-               if (ft2232_expect_read > 256)
+
+               if (ft2232_expect_read >= FT2232_BUFFER_READ_QUEUE_SIZE )
                {
+                       if (ft2232_expect_read > (FT2232_BUFFER_READ_QUEUE_SIZE+1) )
+                               LOG_WARNING("read buffer size looks to high");
                        if (ft2232_send_and_recv(first_unsent, cmd) != ERROR_OK)
                                retval = ERROR_JTAG_QUEUE_FAILED;
                        first_unsent = cmd;
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)