imi415
/
openocd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

svf: fix segfaults exposed by some SVF 

The problem was reported by jstefanop on IRC, the SVF was generated with
Xilinx ISE 14.7.

Found and investigated with Valgrind's vgdb service.

Change-Id: I32b0e77e0380ce4a391661f97449f9c2a5f83625
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2933
Tested-by: jenkins
This commit is contained in:
Paul Fertser 2015-08-12 01:03:02 +03:00 committed by Spencer Oliver
parent 4b0477abc1
commit 874f0157eb
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/svf/svf.c
View File

@ -259,7 +259,7 @@ static void svf_hexbuf_print(int dbg_lvl, const char *file, unsigned line,
int msbits = bit_len % 8;
/* allocate 2 bytes per hex digit */
char *prbuf = malloc((byte_len * 2) + 1);
char *prbuf = malloc((byte_len * 2) + 2 + 1);
if (!prbuf)
return;
@ -1034,6 +1034,19 @@ XXR_common:
}
i_tmp = xxr_para_tmp->len;
xxr_para_tmp->len = atoi(argus[1]);
/* If we are to enlarge the buffers, all parts of xxr_para_tmp
* need to be freed */
if (i_tmp < xxr_para_tmp->len) {
free(xxr_para_tmp->tdi);
xxr_para_tmp->tdi = NULL;
free(xxr_para_tmp->tdo);
xxr_para_tmp->tdo = NULL;
free(xxr_para_tmp->mask);
xxr_para_tmp->mask = NULL;
free(xxr_para_tmp->smask);
xxr_para_tmp->smask = NULL;
}
LOG_DEBUG("\tlength = %d", xxr_para_tmp->len);
xxr_para_tmp->data_mask = 0;
for (i = 2; i < num_of_argu; i += 2) {