jtag/bitq: array boundary overflow 33/4733/4
authorxuguangxiao <szgxxu@qq.com>
Tue, 23 Oct 2018 07:43:11 +0000 (15:43 +0800)
committerTomas Vanek <vanekt@fbl.cz>
Sat, 10 Nov 2018 21:15:39 +0000 (21:15 +0000)
The for loop inside bitq_path_move function is not correct, this will
overflow the cmd->path array and produces an unpredictable result.

Change-Id: I81e3bc9ee6d1dd948acd2fe4c667103ac22bb26f
Signed-off-by: xuguangxiao <szgxxu@qq.com>
Reviewed-on: http://openocd.zylin.com/4733
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
src/jtag/drivers/bitq.c

index 66285f7..55dfe0a 100644 (file)
@@ -123,7 +123,7 @@ static void bitq_path_move(struct pathmove_command *cmd)
 {
        int i;
 
-       for (i = 0; i <= cmd->num_states; i++) {
+       for (i = 0; i < cmd->num_states; i++) {
                if (tap_state_transition(tap_get_state(), false) == cmd->path[i])
                        bitq_io(0, 0, 0);
                else if (tap_state_transition(tap_get_state(), true) == cmd->path[i])