Øyvind Harboe wrote:
>> add_ir_scan is called with just 1 scan_field, then this function sets the
>> number of scanfields equal to the number of taps without allocating a
>> larger scan_field array.
>> The error will be seen depending on if the out of bounds memory is cleared
>> to 0 or not.
>>
>
> Hmm.... I didn't change the part of the code that calculates # of
> scanfields to be allocated.
>
> I see that jtag_add_ir_scan() is broken when it is invoked with more
> than 1 field per tap, but I can't find jtag_add_ir_scan() being invoked
> with more than 1 field anywhere... the recent changes didn't
> modify # of scanfields allocated...
>
> Attached is a patch to try to catch the case where wrong # of scan
> fields are allocated or if too few are filled out, didn't turn
> up anything when I ran a smoketest on stm32...
>
>
>
>
A closer look, for configured taps not in the list of taps used in the
scan_field array passed to the function the default values should be

    scan_size = tap->ir_length;
    (*last_cmd)->cmd.scan->fields[nth_tap].tap = tap;
    (*last_cmd)->cmd.scan->fields[nth_tap].num_bits = scan_size;
    (*last_cmd)->cmd.scan->fields[nth_tap].in_value = NULL;   /* <=== set default */
    (*last_cmd)->cmd.scan->fields[nth_tap].in_handler = NULL; /* disable verification by default */

not

    scan_size = tap->ir_length;
    (*last_cmd)->cmd.scan->fields[nth_tap].tap = tap;
    (*last_cmd)->cmd.scan->fields[nth_tap].num_bits = scan_size;
    (*last_cmd)->cmd.scan->fields[nth_tap].in_value = fields[nth_tap].in_value; /* <=== this does not exist ! */

Compare to the original.
_______________________________________________
Openocd-development mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/openocd-development
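
The indexing problem discussed in this thread, as an added example that is not part of the original message and is not OpenOCD's code: a simplified model in which the caller's field array (here `in`, with `num_in` entries) is only ever indexed inside its own bounds, and taps without a matching field get a NULL `in_value`. The types `tap_t` and `scan_field_t`, the function `build_ir_fields` and the sample taps are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the JTAG types (assumed layout, not OpenOCD's headers). */
typedef struct { const char *name; int ir_length; } tap_t;
typedef struct { const tap_t *tap; int num_bits; uint8_t *in_value; } scan_field_t;

/* Build one output field per configured tap from a caller array that holds
 * only num_in entries (often 1). Returns the number of taps that matched a
 * caller field, or -1 when out[] has fewer slots than there are taps. */
int build_ir_fields(const tap_t *taps, int num_taps,
                    const scan_field_t *in, int num_in,
                    scan_field_t *out, int out_len)
{
    if (out_len < num_taps)
        return -1;
    int matched = 0;
    for (int n = 0; n < num_taps; n++) {
        out[n].tap = &taps[n];
        out[n].num_bits = taps[n].ir_length;
        out[n].in_value = NULL;              /* default; in[n] may not exist */
        for (int j = 0; j < num_in; j++) {   /* j is bounded by num_in */
            if (in[j].tap == &taps[n]) {
                out[n].num_bits = in[j].num_bits;
                out[n].in_value = in[j].in_value;
                matched++;
                break;
            }
        }
    }
    return matched;
}

/* Constructed sample: three taps, the caller passes one field for tap1. */
static const tap_t demo_taps[3] = { {"tap0", 5}, {"tap1", 4}, {"tap2", 8} };
static uint8_t demo_capture[1];

int demo(scan_field_t out[3])
{
    const scan_field_t in[1] = { { &demo_taps[1], 4, demo_capture } };
    return build_ir_fields(demo_taps, 3, in, 1, out, 3);
}

int main(void)
{
    scan_field_t out[3];
    printf("matched=%d\n", demo(out));
    for (int n = 0; n < 3; n++)
        printf("%s in_value=%s\n", out[n].tap->name, out[n].in_value ? "set" : "NULL");
    return 0;
}
```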