This is an automated email from Gerrit.
"Marcus Nilsson (1002225)" just uploaded a new patch set to Gerrit, which you
can find at https://review.openocd.org/c/openocd/+/8232
-- gerrit
commit 8b763a4e48b9620a861307e3869691357305c7b4
Author: Marcus Nilsson <brainb...@gmail.com>
Date: Mon May 6 11:40:00 2024 +0200
drivers/cmsis_dap: Fix buffer overflow in cmsis_dap_hid_open()
Use mbstowcs() to get required length of wide character string and
include space for terminating null wide character.
Change-Id: I668de6f0acc9b3ec5aca033d870dd9ef354f9077
Signed-off-by: Marcus Nilsson <brainb...@gmail.com>
diff --git a/src/jtag/drivers/cmsis_dap_usb_hid.c
b/src/jtag/drivers/cmsis_dap_usb_hid.c
index 98ccc3e381..983246a36c 100644
--- a/src/jtag/drivers/cmsis_dap_usb_hid.c
+++ b/src/jtag/drivers/cmsis_dap_usb_hid.c
@@ -121,8 +121,8 @@ static int cmsis_dap_hid_open(struct cmsis_dap *dap,
uint16_t vids[], uint16_t p
break;
if (cur_dev->serial_number) {
- size_t len = (strlen(serial) + 1) *
sizeof(wchar_t);
- wchar_t *wserial = malloc(len);
+ size_t len = mbstowcs(NULL, serial, 0) + 1;
+ wchar_t *wserial = malloc(len *
sizeof(wchar_t));
mbstowcs(wserial, serial, len);
if (wcscmp(wserial, cur_dev->serial_number) ==
0) {
--
