gdb server: Fix buffer overrun - sprintf appends a terminating null to the data which was overrunning the supplied buffer.
Fixes regression introduced in commit 07dcd5648d
Signed-off-by: Evan Hunter <ehunter@broadcom.com>
Change-Id: Iec64233c0da5a044fb984c4b1803309cb636efe9
Reviewed-on: http://openocd.zylin.com/1312
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
This commit is contained in:
parent
900f2998c8
commit
0875e64ddb
|
@ -978,7 +978,7 @@ static int gdb_get_registers_packet(struct connection *connection,
|
|||
|
||||
assert(reg_packet_size > 0);
|
||||
|
||||
reg_packet = malloc(reg_packet_size);
|
||||
reg_packet = malloc(reg_packet_size + 1); /* plus one for string termination null */
|
||||
reg_packet_p = reg_packet;
|
||||
|
||||
for (i = 0; i < reg_list_size; i++) {
|
||||
|
@ -1085,7 +1085,7 @@ static int gdb_get_register_packet(struct connection *connection,
|
|||
if (!reg_list[reg_num]->valid)
|
||||
reg_list[reg_num]->type->get(reg_list[reg_num]);
|
||||
|
||||
reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2);
|
||||
reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2 + 1); /* plus one for string termination null */
|
||||
|
||||
gdb_str_to_target(target, reg_packet, reg_list[reg_num]);
|
||||
|
||||
|
|
Loading…
Reference in New Issue