summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFranck HÉRÉSON <franck.hereson@secad.fr>2009-10-28 10:24:55 -0700
committerDavid Brownell <dbrownell@users.sourceforge.net>2009-10-28 10:24:55 -0700
commit053a763aa61a801ac2259ee87aaed4cd140557d9 (patch)
treea542b5698875aad60b085411d152350e3ac53918
parent0b882951b7f2d2bb25a2d78db4bb84134a86216c (diff)
downloadopenocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.tar.gz
openocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.tar.bz2
openocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.tar.xz
openocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.zip
bugfix: stack corruption loading IHex images
The Hex parser uses a fixed number of sections. When the number of sections in the file is greater than that, the stack get corrupted and a CHECKSUM ERROR is detected which is very confusing. This checks the number of sections read, and increases IMAGE_MAX_SECTIONS so it works on my file. Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
-rw-r--r--src/target/image.c21
-rw-r--r--src/target/image.h2
2 files changed, 22 insertions, 1 deletions
diff --git a/src/target/image.c b/src/target/image.c
index d51e8743..b9e641b3 100644
--- a/src/target/image.c
+++ b/src/target/image.c
@@ -8,6 +8,9 @@
* Copyright (C) 2008 by Spencer Oliver *
* spen@spen-soft.co.uk *
* *
+ * Copyright (C) 2009 by Franck Hereson *
+ * franck.hereson@secad.fr *
+ * *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
@@ -196,6 +199,12 @@ static int image_ihex_buffer_complete(image_t *image)
if (section[image->num_sections].size != 0)
{
image->num_sections++;
+ if (image->num_sections >= IMAGE_MAX_SECTIONS)
+ {
+ /* too many sections */
+ LOG_ERROR("Too many sections found in IHEX file");
+ return ERROR_IMAGE_FORMAT_ERROR;
+ }
section[image->num_sections].size = 0x0;
section[image->num_sections].flags = 0;
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
@@ -252,6 +261,12 @@ static int image_ihex_buffer_complete(image_t *image)
if (section[image->num_sections].size != 0)
{
image->num_sections++;
+ if (image->num_sections >= IMAGE_MAX_SECTIONS)
+ {
+ /* too many sections */
+ LOG_ERROR("Too many sections found in IHEX file");
+ return ERROR_IMAGE_FORMAT_ERROR;
+ }
section[image->num_sections].size = 0x0;
section[image->num_sections].flags = 0;
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
@@ -292,6 +307,12 @@ static int image_ihex_buffer_complete(image_t *image)
if (section[image->num_sections].size != 0)
{
image->num_sections++;
+ if (image->num_sections >= IMAGE_MAX_SECTIONS)
+ {
+ /* too many sections */
+ LOG_ERROR("Too many sections found in IHEX file");
+ return ERROR_IMAGE_FORMAT_ERROR;
+ }
section[image->num_sections].size = 0x0;
section[image->num_sections].flags = 0;
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
diff --git a/src/target/image.h b/src/target/image.h
index d90b544a..551524e3 100644
--- a/src/target/image.h
+++ b/src/target/image.h
@@ -33,7 +33,7 @@
#endif
#define IMAGE_MAX_ERROR_STRING (256)
-#define IMAGE_MAX_SECTIONS (128)
+#define IMAGE_MAX_SECTIONS (512)
#define IMAGE_MEMORY_CACHE_SIZE (2048)