remote_jtagtap: Fix memory corruption in jtagtap_tdi_tdo_seq

src/platforms/hosted/remote_jtagtap.c

@@ -118,8 +118,6 @@ static void jtagtap_tdi_tdo_seq(
 
 	if(!ticks || (!DI && !DO))
 		return;
-	uint64_t *DIl = (uint64_t *)DI;
-	uint64_t *DOl = (uint64_t *)DO;
 	while (ticks) {
 		int chunk;
 		if (ticks < 65)
@@ -128,19 +126,26 @@ static void jtagtap_tdi_tdo_seq(
 			chunk = 64;
 		}
 		ticks -= chunk;
-		uint64_t dil;
+		uint8_t di[8];
-		if (DI)
+		memset(di, 0, 8);
-			dil = *DIl++;
+		int bytes = (chunk + 7) >> 3;
-		else
+		if (DI) {
-			dil = 0;
+			memcpy(&di, DI, bytes);
-		/* Reduce the length of DI according to the bits we're transmitting */
+			int remainder = chunk & 7;
-		if (chunk < 64)
+			DI += bytes;
-			dil &= ((1LL << chunk) - 1);
+			DI += bytes;
+			if (remainder) {
+				uint8_t rem = *DI;
+				rem &= (1 << remainder) - 1;
+				*di = rem;
+			}
+		};
+		/* PRIx64 differs with system. Use it explicit in the format string*/
 		s = snprintf((char *)construct, REMOTE_MAX_MSG_SIZE,
 					 "!J%c%02x%" PRIx64 "%c",
 					 (!ticks && final_tms) ?
 					 REMOTE_TDITDO_TMS : REMOTE_TDITDO_NOTMS,
-					 chunk, dil, REMOTE_EOM);
+					 chunk, *(uint64_t*)di, REMOTE_EOM);
 		platform_buffer_write(construct,s);
 
 		s = platform_buffer_read(construct, REMOTE_MAX_MSG_SIZE);
@@ -149,8 +154,11 @@ static void jtagtap_tdi_tdo_seq(
 					   s ? (char *)&(construct[1]) : "unknown");
 			exit(-1);
 		}
-		if (DO)
+		if (DO) {
-			*DOl++ = remotehston(-1, (char *)&construct[1]);
+			uint64_t res = remotehston(-1, (char *)&construct[1]);
+			memcpy(DO, &res, bytes);
+			DO += bytes;
+		}
 	}
 }