bugfix: stack corruption loading IHex images
The Hex parser uses a fixed number of sections. When the number of sections in the file is greater than that, the stack get corrupted and a CHECKSUM ERROR is detected which is very confusing. This checks the number of sections read, and increases IMAGE_MAX_SECTIONS so it works on my file. Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This commit is contained in:
parent
0b882951b7
commit
053a763aa6
|
@ -8,6 +8,9 @@
|
||||||
* Copyright (C) 2008 by Spencer Oliver *
|
* Copyright (C) 2008 by Spencer Oliver *
|
||||||
* spen@spen-soft.co.uk *
|
* spen@spen-soft.co.uk *
|
||||||
* *
|
* *
|
||||||
|
* Copyright (C) 2009 by Franck Hereson *
|
||||||
|
* franck.hereson@secad.fr *
|
||||||
|
* *
|
||||||
* This program is free software; you can redistribute it and/or modify *
|
* This program is free software; you can redistribute it and/or modify *
|
||||||
* it under the terms of the GNU General Public License as published by *
|
* it under the terms of the GNU General Public License as published by *
|
||||||
* the Free Software Foundation; either version 2 of the License, or *
|
* the Free Software Foundation; either version 2 of the License, or *
|
||||||
|
@ -196,6 +199,12 @@ static int image_ihex_buffer_complete(image_t *image)
|
||||||
if (section[image->num_sections].size != 0)
|
if (section[image->num_sections].size != 0)
|
||||||
{
|
{
|
||||||
image->num_sections++;
|
image->num_sections++;
|
||||||
|
if (image->num_sections >= IMAGE_MAX_SECTIONS)
|
||||||
|
{
|
||||||
|
/* too many sections */
|
||||||
|
LOG_ERROR("Too many sections found in IHEX file");
|
||||||
|
return ERROR_IMAGE_FORMAT_ERROR;
|
||||||
|
}
|
||||||
section[image->num_sections].size = 0x0;
|
section[image->num_sections].size = 0x0;
|
||||||
section[image->num_sections].flags = 0;
|
section[image->num_sections].flags = 0;
|
||||||
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
|
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
|
||||||
|
@ -252,6 +261,12 @@ static int image_ihex_buffer_complete(image_t *image)
|
||||||
if (section[image->num_sections].size != 0)
|
if (section[image->num_sections].size != 0)
|
||||||
{
|
{
|
||||||
image->num_sections++;
|
image->num_sections++;
|
||||||
|
if (image->num_sections >= IMAGE_MAX_SECTIONS)
|
||||||
|
{
|
||||||
|
/* too many sections */
|
||||||
|
LOG_ERROR("Too many sections found in IHEX file");
|
||||||
|
return ERROR_IMAGE_FORMAT_ERROR;
|
||||||
|
}
|
||||||
section[image->num_sections].size = 0x0;
|
section[image->num_sections].size = 0x0;
|
||||||
section[image->num_sections].flags = 0;
|
section[image->num_sections].flags = 0;
|
||||||
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
|
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
|
||||||
|
@ -292,6 +307,12 @@ static int image_ihex_buffer_complete(image_t *image)
|
||||||
if (section[image->num_sections].size != 0)
|
if (section[image->num_sections].size != 0)
|
||||||
{
|
{
|
||||||
image->num_sections++;
|
image->num_sections++;
|
||||||
|
if (image->num_sections >= IMAGE_MAX_SECTIONS)
|
||||||
|
{
|
||||||
|
/* too many sections */
|
||||||
|
LOG_ERROR("Too many sections found in IHEX file");
|
||||||
|
return ERROR_IMAGE_FORMAT_ERROR;
|
||||||
|
}
|
||||||
section[image->num_sections].size = 0x0;
|
section[image->num_sections].size = 0x0;
|
||||||
section[image->num_sections].flags = 0;
|
section[image->num_sections].flags = 0;
|
||||||
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
|
section[image->num_sections].private = &ihex->buffer[cooked_bytes];
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define IMAGE_MAX_ERROR_STRING (256)
|
#define IMAGE_MAX_ERROR_STRING (256)
|
||||||
#define IMAGE_MAX_SECTIONS (128)
|
#define IMAGE_MAX_SECTIONS (512)
|
||||||
|
|
||||||
#define IMAGE_MEMORY_CACHE_SIZE (2048)
|
#define IMAGE_MEMORY_CACHE_SIZE (2048)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue