This is an automated email from Gerrit.

Andreas Fritiofson ([email protected]) just uploaded a new patch set 
to Gerrit, which you can find at http://openocd.zylin.com/2023

-- gerrit

commit 8e499b9b85311b2c65491a434aba045d338e8064
Author: Andreas Fritiofson <[email protected]>
Date:   Thu Mar 6 22:06:59 2014 +0100

    gdb_server: Fix segfault in (and rewrite) decode_xfer_read
    
    Introduced by 537b06a81 (free non-malloced memory).
    
    Rewrite to use standard C string routines and make returning annex
    optional since it's not currently used.
    
    Change-Id: Idf3698a482dfeff7fa5ea1660fd89122eb80b68d
    Signed-off-by: Andreas Fritiofson <[email protected]>

diff --git a/src/server/gdb_server.c b/src/server/gdb_server.c
index e417bf4..f2d0a46 100644
--- a/src/server/gdb_server.c
+++ b/src/server/gdb_server.c
@@ -1669,41 +1669,31 @@ static void xml_printf(int *retval, char **xml, int 
*pos, int *size,
        }
 }
 
-static int decode_xfer_read(char const *_buf, char **annex, int *ofs, unsigned 
int *len)
+static int decode_xfer_read(char const *buf, char **annex, int *ofs, unsigned 
int *len)
 {
-       int ret = 0;
-       char *buf = strdup(_buf);
-       char *_annex;
-       char *separator;
-
-       /* Extract and NUL-terminate the annex. */
-       _annex = buf;
-       while (*buf && *buf != ':')
-               buf++;
-       if (*buf == '\0') {
-               ret = -1;
-               goto out;
-       }
-       *buf++ = 0;
-
-       /* Return annex as copy because "buf" will be freed in this function */
-       *annex = strdup(_annex);
+       /* Locate the annex. */
+       const char *annex_end = strchr(buf, ':');
+       if (annex_end == NULL)
+               return ERROR_FAIL;
 
        /* After the read marker and annex, qXfer looks like a
         * traditional 'm' packet. */
+       char *separator;
+       *ofs = strtoul(annex_end + 1, &separator, 16);
 
-       *ofs = strtoul(buf, &separator, 16);
-
-       if (*separator != ',') {
-               ret = -1;
-               goto out;
-       }
+       if (*separator != ',')
+               return ERROR_FAIL;
 
        *len = strtoul(separator + 1, NULL, 16);
 
-out:
-       free(buf);
-       return ret;
+       /* Extract the annex if needed */
+       if (annex != NULL) {
+               *annex = strndup(buf, annex_end - buf);
+               if (*annex == NULL)
+                       return ERROR_FAIL;
+       }
+
+       return ERROR_OK;
 }
 
 static int compare_bank(const void *a, const void *b)
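Review bot: The rewritten `decode_xfer_read` stores both `strtoul` results straight into `*ofs` (an `int`) and `*len` without checking that any digits were consumed, that the conversion did not overflow, or that the value fits the destination. These fields come from a qXfer packet supplied by the GDB client, so an empty field silently becomes 0, and a large or `-`-prefixed offset converts to a negative `int` on typical platforms. How the caller uses them is outside this hunk, but an unvalidated offset and length are the usual source of out-of-range reads, so the parser is the right place to reject them. The fence below shows the stricter parsing; it needs `<errno.h>` and `<limits.h>` if the file does not already include them.

```c
	char *separator;
	errno = 0;
	unsigned long offset = strtoul(annex_end + 1, &separator, 16);
	/* Reject an empty field, a missing ',', overflow, or a value that does not fit an int. */
	if (separator == annex_end + 1 || *separator != ',' ||
			errno == ERANGE || offset > INT_MAX)
		return ERROR_FAIL;
	*ofs = (int)offset;

	char *length_end;
	errno = 0;
	unsigned long length = strtoul(separator + 1, &length_end, 16);
	if (length_end == separator + 1 || errno == ERANGE || length > UINT_MAX)
		return ERROR_FAIL;
	*len = (unsigned int)length;

	/* … unchanged: optional annex extraction and return ERROR_OK … */
```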
@@ -2387,16 +2377,14 @@ static int gdb_query_packet(struct connection 
*connection,
 
                int offset;
                unsigned int length;
-               char *annex = NULL;
 
                /* skip command character */
                packet += 20;
 
-               if (decode_xfer_read(packet, &annex, &offset, &length) < 0) {
+               if (decode_xfer_read(packet, NULL, &offset, &length) < 0) {
                        gdb_send_error(connection, 01);
                        return ERROR_OK;
                }
-               free(annex);
 
                /* Target should prepare correct target description for annex.
                 * The first character of returned xml is 'm' or 'l'. 'm' for
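Review bot: The call site still tests `decode_xfer_read(...) < 0`, but the rewritten function now reports failure as `ERROR_FAIL` instead of a literal -1, so the check is correct only while that constant is negative. Comparing against the success code removes that dependency: `if (decode_xfer_read(packet, NULL, &offset, &length) != ERROR_OK) {`. The enclosing gdb_query_packet starts and ends outside the hunk, so whether `offset` and `length` are range-checked before use cannot be seen from here.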

-- 
