> add_ir_scan is called with just 1 scan_field, then this function sets the
> number of scanfields equal to the number of taps without allocating a
> larger scan_field array.
> The error will be seen depending on if the out of bounds memory is cleared
> to 0 or not.
Hmm.... I didn't change the part of the code that calculates # of
scanfields to be allocated.
I see that jtag_add_ir_scan() is broken when it is invoked with more
than 1 field per tap, but I can't find jtag_add_ir_scan() being invoked
with more than 1 field anywhere... the recent changes didn't
modify # of scanfields allocated...
Attached is a patch to try to catch the case where wrong # of scan
fields are allocated or if too few are filled out, didn't turn
up anything when I ran a smoketest on stm32...
--
Øyvind Harboe
Embedded software and hardware consulting services
http://consulting.zylin.com
### Eclipse Workspace Patch 1.0
#P openocd
Index: src/jtag/jtag.c
===================================================================
--- src/jtag/jtag.c (revision 1676)
+++ src/jtag/jtag.c (working copy)
@@ -45,6 +45,7 @@
int jtag_flush_queue_count; /* count # of flushes for profiling / debugging
purposes */
+
/* note that this is not marked as static as it must be available from outside
jtag.c for those
that implement the jtag_xxx() minidriver layer
*/
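Review bot: This hunk only inserts a blank line ahead of the comment block and has nothing to do with the scan-field checks the patch is meant to add; drop it so the diff carries only the intended change, since unrelated whitespace churn makes a diagnostic patch harder to review and to revert.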
@@ -541,7 +542,6 @@
u32 id[8];
int modified[8];
-
/* if we are to run a verification of the ir scan, we need to get the
input back.
* We may have to allocate space if the caller didn't ask for the input
back.
*
@@ -621,6 +621,12 @@
break;
}
nth_tap++;
+
+ if (nth_tap >= x )
+ {
+ LOG_ERROR("BUG: not enough fields allocated!");
+ }
+
scan_size = tap->ir_length;
(*last_cmd)->cmd.scan->fields[nth_tap].tap = tap;
(*last_cmd)->cmd.scan->fields[nth_tap].num_bits = scan_size;
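Review bot: The new `if (nth_tap >= x )` check logs the BUG but then falls straight through to `(*last_cmd)->cmd.scan->fields[nth_tap].tap = tap;`, so the out-of-bounds write that the quoted report describes still happens after the message is printed; the check should bail out, e.g. `LOG_ERROR("BUG: not enough fields allocated!"); return ERROR_FAIL;` (or whichever error code the callers of this function already handle), so that none of the `fields[nth_tap]` stores that follow are reached. Minor: the space before the closing parenthesis in `x )` does not match the surrounding style.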
@@ -649,6 +655,10 @@
/* update device information */
buf_cpy((*last_cmd)->cmd.scan->fields[nth_tap].out_value,
tap->cur_instr, scan_size);
}
+ if (nth_tap != x )
+ {
+ LOG_ERROR("BUG: all the scan fields where not filled out!");
+ }
return ERROR_OK;
}
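Review bot: The post-loop test `if (nth_tap != x )` does not agree with the check added inside the loop above: `nth_tap` is used as the array index immediately after `nth_tap++`, so when the loop ends it holds the index of the last field written, not a count; if the in-loop `nth_tap >= x` check never fires, `nth_tap` is at most `x - 1` on exit and this test fires on every call (unless `nth_tap` is advanced again somewhere in the loop body not shown here). One of the two checks is off by one; `if (nth_tap + 1 != x)` is what matches the indexing as written. Also, "where not filled out" in the message should read "were not filled out".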
@@ -1450,7 +1460,7 @@
/* each flush can take as much as 1-2ms on high bandwidth low latency
interfaces.
* E.g. a JTAG over TCP/IP or USB....
*/
- jtag_flush_queue_count++;
+ jtag_flush_queue_count++;
int retval=interface_jtag_execute_queue();
/* we keep the first error */
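Review bot: The `-`/`+` pair in this hunk is textually identical (`jtag_flush_queue_count++;`), so it is an indentation or trailing-whitespace change only and leaves behaviour untouched; drop it from the patch, since it adds noise to a diff whose purpose is the scan-field diagnostic and risks a spurious conflict for anyone else touching jtag_execute_queue().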
_______________________________________________
Openocd-development mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/openocd-development