interesting
/
riscv-openocd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

gdb_server: Fix segfault in (and rewrite) decode_xfer_read 

Introduced by 537b06a81 (free non-malloced memory).

Rewrite to use standard C string routines and make returning annex
optional since it's not currently used.

Change-Id: Idf3698a482dfeff7fa5ea1660fd89122eb80b68d
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/2023
Tested-by: jenkins
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
This commit is contained in:
Andreas Fritiofson 2014-03-06 22:06:59 +01:00 committed by Spencer Oliver
parent 35fdbdcecd
commit 3560c8e06b
1 changed files with 18 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/server/gdb_server.c
View File

@ -1669,41 +1669,31 @@ static void xml_printf(int *retval, char **xml, int *pos, int *size,
} }
} }
static int decode_xfer_read(char const *_buf, char **annex, int *ofs, unsigned int *len) static int decode_xfer_read(char const *buf, char **annex, int *ofs, unsigned int *len)
{ {
int ret = 0; /* Locate the annex. */
char *buf = strdup(_buf); const char *annex_end = strchr(buf, ':');
char *_annex; if (annex_end == NULL)
char *separator; return ERROR_FAIL;
/* Extract and NUL-terminate the annex. */
_annex = buf;
while (*buf && *buf != ':')
buf++;
if (*buf == '\0') {
ret = -1;
goto out;
}
*buf++ = 0;
/* Return annex as copy because "buf" will be freed in this function */
*annex = strdup(_annex);
/* After the read marker and annex, qXfer looks like a /* After the read marker and annex, qXfer looks like a
* traditional 'm' packet. */ * traditional 'm' packet. */
char *separator;
*ofs = strtoul(annex_end + 1, &separator, 16);
*ofs = strtoul(buf, &separator, 16); if (*separator != ',')
return ERROR_FAIL;
if (*separator != ',') {
ret = -1;
goto out;
}
*len = strtoul(separator + 1, NULL, 16); *len = strtoul(separator + 1, NULL, 16);
out: /* Extract the annex if needed */
free(buf); if (annex != NULL) {
return ret; *annex = strndup(buf, annex_end - buf);
if (*annex == NULL)
return ERROR_FAIL;
}
return ERROR_OK;
} }
static int compare_bank(const void *a, const void *b) static int compare_bank(const void *a, const void *b)
@ -2387,16 +2377,14 @@ static int gdb_query_packet(struct connection *connection,
int offset; int offset;
unsigned int length; unsigned int length;
char *annex = NULL;
/* skip command character */ /* skip command character */
packet += 20; packet += 20;
if (decode_xfer_read(packet, &annex, &offset, &length) < 0) { if (decode_xfer_read(packet, NULL, &offset, &length) < 0) {
gdb_send_error(connection, 01); gdb_send_error(connection, 01);
return ERROR_OK; return ERROR_OK;
} }
free(annex);
/* Target should prepare correct target description for annex. /* Target should prepare correct target description for annex.
* The first character of returned xml is 'm' or 'l'. 'm' for * The first character of returned xml is 'm' or 'l'. 'm' for