diff options
author | Franck HÉRÉSON <franck.hereson@secad.fr> | 2009-10-28 10:24:55 -0700 |
---|---|---|
committer | David Brownell <dbrownell@users.sourceforge.net> | 2009-10-28 10:24:55 -0700 |
commit | 053a763aa61a801ac2259ee87aaed4cd140557d9 (patch) | |
tree | a542b5698875aad60b085411d152350e3ac53918 /src/target | |
parent | 0b882951b7f2d2bb25a2d78db4bb84134a86216c (diff) | |
download | openocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.tar.gz openocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.tar.bz2 openocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.tar.xz openocd+libswd-053a763aa61a801ac2259ee87aaed4cd140557d9.zip |
bugfix: stack corruption loading IHex images
The Hex parser uses a fixed number of sections. When the
number of sections in the file is greater than that, the
stack get corrupted and a CHECKSUM ERROR is detected
which is very confusing.
This checks the number of sections read, and increases
IMAGE_MAX_SECTIONS so it works on my file.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Diffstat (limited to 'src/target')
-rw-r--r-- | src/target/image.c | 21 | ||||
-rw-r--r-- | src/target/image.h | 2 |
2 files changed, 22 insertions, 1 deletions
diff --git a/src/target/image.c b/src/target/image.c index d51e8743..b9e641b3 100644 --- a/src/target/image.c +++ b/src/target/image.c @@ -8,6 +8,9 @@ * Copyright (C) 2008 by Spencer Oliver * * spen@spen-soft.co.uk * * * + * Copyright (C) 2009 by Franck Hereson * + * franck.hereson@secad.fr * + * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * @@ -196,6 +199,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; @@ -252,6 +261,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; @@ -292,6 +307,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; diff --git a/src/target/image.h b/src/target/image.h index d90b544a..551524e3 100644 --- a/src/target/image.h +++ b/src/target/image.h @@ -33,7 +33,7 @@ #endif #define IMAGE_MAX_ERROR_STRING (256) -#define IMAGE_MAX_SECTIONS (128) +#define IMAGE_MAX_SECTIONS (512) #define IMAGE_MEMORY_CACHE_SIZE (2048) |