target/cortex_m: prevent segmentation fault in cortex_m_poll()

If a Cortex-M MCU become unresponsive during a debug session and re-examination fails to find MEM-AP, debug_ap pointer is set to NULL. Eventual call of cortex_m_poll() dereferences debug_ap. Check debug_ap validity at the begin of cortex_m_poll(). Change-Id: I9519f48760c91a48a9e5e8c34634d247098cb14a Fixes: 35a503b08d (arm_adi_v5: add ap refcount and add get/put around ap use) Signed-off-by: Tomas Vanek <vanekt@fbl.cz> Reviewed-on: https://review.openocd.org/c/openocd/+/7108 Tested-by: jenkins Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
2022-08-02 11:33:07 +02:00 · 2022-08-02 11:33:07 +02:00 · b6dad912b8
parent cae0c8b32b
commit b6dad912b8
1 changed files with 10 additions and 0 deletions
--- a/src/target/cortex_m.c
+++ b/src/target/cortex_m.c
@ -868,6 +868,16 @@ static int cortex_m_poll(struct target *target)
 	struct cortex_m_common *cortex_m = target_to_cm(target);
 	struct armv7m_common *armv7m = &cortex_m->armv7m;

+	/* Check if debug_ap is available to prevent segmentation fault.
+	 * If the re-examination after an error does not find a MEM-AP
+	 * (e.g. the target stopped communicating), debug_ap pointer
+	 * can suddenly become NULL.
+	 */
+	if (!armv7m->debug_ap) {
+		target->state = TARGET_UNKNOWN;
+		return ERROR_TARGET_NOT_EXAMINED;
+	}
+
 	/* Read from Debug Halting Control and Status Register */
 	retval = cortex_m_read_dhcsr_atomic_sticky(target);
 	if (retval != ERROR_OK) {