diff options
author | Mathias K <kesmtp@freenet.de> | 2011-02-24 13:00:59 +0100 |
---|---|---|
committer | Øyvind Harboe <oyvind.harboe@zylin.com> | 2011-02-24 23:20:03 +0100 |
commit | 6ddcee7d20ee873f1c214736c22f29d9781dded4 (patch) | |
tree | d74bc998c444b9f17775f5eadc3dd6da27c83c36 | |
parent | 47b5829db40459650866488ab46008fd8b7e191c (diff) | |
download | openocd+libswd-6ddcee7d20ee873f1c214736c22f29d9781dded4.tar.gz openocd+libswd-6ddcee7d20ee873f1c214736c22f29d9781dded4.tar.bz2 openocd+libswd-6ddcee7d20ee873f1c214736c22f29d9781dded4.tar.xz openocd+libswd-6ddcee7d20ee873f1c214736c22f29d9781dded4.zip |
ft2232: fix possible read buffer overflow
This patch fix a possible read buffer overflow in ft2232_execute_queue.
Also the correct read queue size for libftdi and libftd2xx was added and
and tested.
In function ft2232_write a uninitialized value was initialized because we
don't know if this value was set in the ftdi api call.
-rw-r--r-- | src/jtag/drivers/ft2232.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/jtag/drivers/ft2232.c b/src/jtag/drivers/ft2232.c index 9024f8e0..a84d069c 100644 --- a/src/jtag/drivers/ft2232.c +++ b/src/jtag/drivers/ft2232.c @@ -373,6 +373,12 @@ static int require_send; a comment would have been nice. */ +#if BUILD_FT2232_FTD2XX == 1 +#define FT2232_BUFFER_READ_QUEUE_SIZE (64*64) +#else +#define FT2232_BUFFER_READ_QUEUE_SIZE (64*4) +#endif + #define FT2232_BUFFER_SIZE 131072 static uint8_t* ft2232_buffer = NULL; @@ -499,7 +505,7 @@ static int ft2232_write(uint8_t* buf, int size, uint32_t* bytes_written) { #if BUILD_FT2232_FTD2XX == 1 FT_STATUS status; - DWORD dw_bytes_written; + DWORD dw_bytes_written = 0; if ((status = FT_Write(ftdih, buf, size, &dw_bytes_written)) != FT_OK) { *bytes_written = dw_bytes_written; @@ -2081,12 +2087,20 @@ static int ft2232_execute_queue(void) while (cmd) { + /* fill the write buffer with the desired command */ if (ft2232_execute_command(cmd) != ERROR_OK) retval = ERROR_JTAG_QUEUE_FAILED; - /* Start reading input before FT2232 TX buffer fills up */ + /* Start reading input before FT2232 TX buffer fills up. + * Sometimes this happens because we don't know the + * length of the last command before we execute it. So + * we simple inform the user. + */ cmd = cmd->next; - if (ft2232_expect_read > 256) + + if (ft2232_expect_read >= FT2232_BUFFER_READ_QUEUE_SIZE ) { + if (ft2232_expect_read > (FT2232_BUFFER_READ_QUEUE_SIZE+1) ) + LOG_WARNING("read buffer size looks to high"); if (ft2232_send_and_recv(first_unsent, cmd) != ERROR_OK) retval = ERROR_JTAG_QUEUE_FAILED; first_unsent = cmd; |