From: Joerg Fischer <turboj@gmx.de>
Date: Sun, 10 Feb 2013 20:45:30 +0000 (+0100)
Subject: Fix buffer overflow in versaloon interface
X-Git-Tag: v0.7.0-rc1~76
X-Git-Url: https://review.openocd.org/gitweb?p=openocd.git;a=commitdiff_plain;h=80f78acf7350ca9f812b520ec80f9bc6159d7f0c

Fix buffer overflow in versaloon interface

The USB buffer will need space for both TMS and TDI buffers.
Each holds tap_buffer_size bytes maximum, so tap_buffer_size must be
smaller than half of usb buf_size.

Change-Id: Id8f39936a894cbd98deb89eec5a859aef1e2b783
Signed-off-by: Joerg Fischer <turboj@gmx.de>
Reviewed-on: http://openocd.zylin.com/1136
Tested-by: jenkins
Reviewed-by: simon qian <simonqian.openocd@gmail.com>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
---

diff --git a/src/jtag/drivers/vsllink.c b/src/jtag/drivers/vsllink.c
index 1c0c3e1eee..b9bda5d1e1 100644
--- a/src/jtag/drivers/vsllink.c
+++ b/src/jtag/drivers/vsllink.c
@@ -302,7 +302,7 @@ static int vsllink_init(void)
 	}
 
 	/* malloc buffer size for tap */
-	tap_buffer_size = versaloon_interface.usb_setting.buf_size - 32;
+	tap_buffer_size = versaloon_interface.usb_setting.buf_size / 2 - 32;
 	vsllink_free_buffer();
 	tdi_buffer = (uint8_t *)malloc(tap_buffer_size);
 	tdo_buffer = (uint8_t *)malloc(tap_buffer_size);