[OpenOCD-devel] [PATCH]: 7fc258f server/tcl_server.c: Fix buffer overrun

gerrit Wed, 04 Dec 2019 22:51:06 -0800

This is an automated email from Gerrit.

nh minus ([email protected]) just uploaded a new patch set to Gerrit, which you 
can find at http://openocd.zylin.com/5352


-- gerrit

commit 7fc258fd926247fac794a2ad49ca24a69b41a13e
Author: Jimmy <[email protected]>
Date:   Thu Dec 5 14:45:17 2019 +0800

    server/tcl_server.c: Fix buffer overrun
    
    The input buffer size is checked only after writing past its end.
    
    Change-Id: I6a9651c5b7d82efe338468d67bf6caca41004b01
    Signed-off-by: Jimmy <[email protected]>

diff --git a/src/server/tcl_server.c b/src/server/tcl_server.c
index 1ec45ff..1735c43 100644
--- a/src/server/tcl_server.c
+++ b/src/server/tcl_server.c
@@ -199,7 +199,7 @@ static int tcl_input(struct connection *connection)
        for (i = 0; i < rlen; i++) {
                /* buffer the data */
                tclc->tc_line[tclc->tc_lineoffset] = in[i];
-               if (tclc->tc_lineoffset < tclc->tc_line_size) {
+               if (tclc->tc_lineoffset + 1 < tclc->tc_line_size) {
                        tclc->tc_lineoffset++;
                } else if (tclc->tc_line_size >= TCL_LINE_MAX) {
                        /* maximum line size reached, drop line */

-- 


_______________________________________________
OpenOCD-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openocd-devel

[OpenOCD-devel] [PATCH]: 7fc258f server/tcl_server.c: Fix buffer overrun

Reply via email to