Add range checking on mem access packets.
parent
e5395aaba7
commit
bd2cfe72f0
|
@ -115,6 +115,10 @@ int gdb_main_loop(struct target_controller *tc, bool in_syscall)
|
||||||
uint32_t addr, len;
|
uint32_t addr, len;
|
||||||
ERROR_IF_NO_TARGET();
|
ERROR_IF_NO_TARGET();
|
||||||
sscanf(pbuf, "m%" SCNx32 ",%" SCNx32, &addr, &len);
|
sscanf(pbuf, "m%" SCNx32 ",%" SCNx32, &addr, &len);
|
||||||
|
if (len > sizeof(pbuf) / 2) {
|
||||||
|
gdb_putpacketz("E02");
|
||||||
|
break;
|
||||||
|
}
|
||||||
DEBUG("m packet: addr = %" PRIx32 ", len = %" PRIx32 "\n", addr, len);
|
DEBUG("m packet: addr = %" PRIx32 ", len = %" PRIx32 "\n", addr, len);
|
||||||
uint8_t mem[len];
|
uint8_t mem[len];
|
||||||
if (target_mem_read(cur_target, mem, addr, len))
|
if (target_mem_read(cur_target, mem, addr, len))
|
||||||
|
@ -136,6 +140,10 @@ int gdb_main_loop(struct target_controller *tc, bool in_syscall)
|
||||||
int hex;
|
int hex;
|
||||||
ERROR_IF_NO_TARGET();
|
ERROR_IF_NO_TARGET();
|
||||||
sscanf(pbuf, "M%" SCNx32 ",%" SCNx32 ":%n", &addr, &len, &hex);
|
sscanf(pbuf, "M%" SCNx32 ",%" SCNx32 ":%n", &addr, &len, &hex);
|
||||||
|
if (len > (unsigned)(size - hex) / 2) {
|
||||||
|
gdb_putpacketz("E02");
|
||||||
|
break;
|
||||||
|
}
|
||||||
DEBUG("M packet: addr = %" PRIx32 ", len = %" PRIx32 "\n", addr, len);
|
DEBUG("M packet: addr = %" PRIx32 ", len = %" PRIx32 "\n", addr, len);
|
||||||
uint8_t mem[len];
|
uint8_t mem[len];
|
||||||
unhexify(mem, pbuf + hex, len);
|
unhexify(mem, pbuf + hex, len);
|
||||||
|
@ -251,6 +259,10 @@ int gdb_main_loop(struct target_controller *tc, bool in_syscall)
|
||||||
int bin;
|
int bin;
|
||||||
ERROR_IF_NO_TARGET();
|
ERROR_IF_NO_TARGET();
|
||||||
sscanf(pbuf, "X%" SCNx32 ",%" SCNx32 ":%n", &addr, &len, &bin);
|
sscanf(pbuf, "X%" SCNx32 ",%" SCNx32 ":%n", &addr, &len, &bin);
|
||||||
|
if (len > (unsigned)(size - bin)) {
|
||||||
|
gdb_putpacketz("E02");
|
||||||
|
break;
|
||||||
|
}
|
||||||
DEBUG("X packet: addr = %" PRIx32 ", len = %" PRIx32 "\n", addr, len);
|
DEBUG("X packet: addr = %" PRIx32 ", len = %" PRIx32 "\n", addr, len);
|
||||||
if (target_mem_write(cur_target, addr, pbuf+bin, len))
|
if (target_mem_write(cur_target, addr, pbuf+bin, len))
|
||||||
gdb_putpacketz("E01");
|
gdb_putpacketz("E01");
|
||||||
|
|
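Review bot: The new bounds in the `M` and `X` hunks trust `hex` and `bin`, which `sscanf` only writes when the input matches all the way to `:%n`; on a packet without the colon they stay uninitialised, and whenever the offset is larger than `size` the difference `(unsigned)(size - hex)` wraps to a huge limit that any `len` passes. Initialise the offsets (`int hex = 0;`, `int bin = 0;`) and reject the packet before the length test unless the parse succeeded, e.g. `if (sscanf(...) != 2 || hex <= 0 || hex > size) { gdb_putpacketz("E02"); break; }`; the `m` hunk needs the same `!= 2` check so that `addr` and `len` are never read while indeterminate. `len == 0` also still reaches `uint8_t mem[len]` in the `m` and `M` hunks, and a zero-length VLA is undefined behaviour, so that case should be answered before the array is declared. The `sizeof(pbuf) / 2` bound is only meaningful if `pbuf` is an array in this scope rather than a pointer, which the hunk does not show; the body of `gdb_main_loop` continues outside all three hunks.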