From 053a763aa61a801ac2259ee87aaed4cd140557d9 Mon Sep 17 00:00:00 2001 From: Franck HÉRÉSON Date: Wed, 28 Oct 2009 10:24:55 -0700 Subject: bugfix: stack corruption loading IHex images The Hex parser uses a fixed number of sections. When the number of sections in the file is greater than that, the stack get corrupted and a CHECKSUM ERROR is detected which is very confusing. This checks the number of sections read, and increases IMAGE_MAX_SECTIONS so it works on my file. Signed-off-by: David Brownell --- src/target/image.c | 21 +++++++++++++++++++++ src/target/image.h | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/target/image.c b/src/target/image.c index d51e8743..b9e641b3 100644 --- a/src/target/image.c +++ b/src/target/image.c @@ -8,6 +8,9 @@ * Copyright (C) 2008 by Spencer Oliver * * spen@spen-soft.co.uk * * * + * Copyright (C) 2009 by Franck Hereson * + * franck.hereson@secad.fr * + * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * @@ -196,6 +199,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; @@ -252,6 +261,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; @@ -292,6 +307,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; diff --git a/src/target/image.h b/src/target/image.h index d90b544a..551524e3 100644 --- a/src/target/image.h +++ b/src/target/image.h @@ -33,7 +33,7 @@ #endif #define IMAGE_MAX_ERROR_STRING (256) -#define IMAGE_MAX_SECTIONS (128) +#define IMAGE_MAX_SECTIONS (512) #define IMAGE_MEMORY_CACHE_SIZE (2048) -- cgit v1.2.3