[PATCH]: 3fc909d0b4 fix wrap-around detection for read_memory/write_memory

Sat, 09 Nov 2024 13:15:09 -0800 

This is an automated email from Gerrit.

"Anatoly P <anatoly.parshint...@syntacore.com>" just uploaded a new patch set 
to Gerrit, which you can find at https://review.openocd.org/c/openocd/+/8572

-- gerrit

commit 3fc909d0b49f1b96531a1f1ac6ee9bec555c5e77
Author: Parshintsev Anatoly <anatoly.parshint...@syntacore.com>
Date:   Fri Nov 8 07:12:46 2024 +0300

    fix wrap-around detection for read_memory/write_memory
    
    while at it change the order of checks for requested region sizes to
    get rid of potential overflow during multiplication.
    
    Change-Id: I97dac68e7024591cfd7abb70c8c62dff791298fe
    Signed-off-by: Parshintsev Anatoly <anatoly.parshint...@syntacore.com>

diff --git a/src/target/target.c b/src/target/target.c
index 49611dfb45..51f7eb9f7d 100644
--- a/src/target/target.c
+++ b/src/target/target.c
@@ -4448,13 +4448,13 @@ COMMAND_HANDLER(handle_target_read_memory)
 
        const unsigned int width = width_bits / 8;
 
-       if ((addr + (count * width)) < addr) {
-               command_print(CMD, "read_memory: addr + count wraps to zero");
+       if (count > 65536) {
+               command_print(CMD, "read_memory: too large read request, 
exceeds 64K elements");
                return ERROR_COMMAND_ARGUMENT_INVALID;
        }
 
-       if (count > 65536) {
-               command_print(CMD, "read_memory: too large read request, 
exceeds 64K elements");
+       if ((addr + (count * width) - 1) < addr) {
+               command_print(CMD, "read_memory: addr + count wraps over zero");
                return ERROR_COMMAND_ARGUMENT_INVALID;
        }
 
@@ -4585,13 +4585,14 @@ static int target_jim_write_memory(Jim_Interp *interp, 
int argc,
 
        const unsigned int width = width_bits / 8;
 
-       if ((addr + (count * width)) < addr) {
-               Jim_SetResultString(interp, "write_memory: addr + len wraps to 
zero", -1);
+       if (count > 65536) {
+               Jim_SetResultString(interp,
+                       "write_memory: too large memory write request, exceeds 
64K elements", -1);
                return JIM_ERR;
        }
 
-       if (count > 65536) {
-               Jim_SetResultString(interp, "write_memory: too large memory 
write request, exceeds 64K elements", -1);
+       if ((addr + (count * width) - 1) < addr) {
+               Jim_SetResultString(interp, "write_memory: addr + len wraps 
over zero", -1);
                return JIM_ERR;
        }
 

--

Reply via email to