diff options
| author | Paul Fertser <fercerpav@gmail.com> | 2015-08-12 01:03:02 +0300 |
|---|---|---|
| committer | Spencer Oliver <spen@spen-soft.co.uk> | 2015-09-30 22:01:47 +0100 |
| commit | 874f0157eb01f8486b8e739244b4429a92a8182e (patch) | |
| tree | ce00157e78829691a3585d96f379e7e0756571f9 /src/svf | |
| parent | 4b0477abc196d1488628131c18de742c092ad289 (diff) | |
| download | riscv-openocd-874f0157eb01f8486b8e739244b4429a92a8182e.zip riscv-openocd-874f0157eb01f8486b8e739244b4429a92a8182e.tar.gz riscv-openocd-874f0157eb01f8486b8e739244b4429a92a8182e.tar.bz2 | |
svf: fix segfaults exposed by some SVF
The problem was reported by jstefanop on IRC, the SVF was generated with
Xilinx ISE 14.7.
Found and investigated with Valgrind's vgdb service.
Change-Id: I32b0e77e0380ce4a391661f97449f9c2a5f83625
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2933
Tested-by: jenkins
Diffstat (limited to 'src/svf')
| -rw-r--r-- | src/svf/svf.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/svf/svf.c b/src/svf/svf.c index 15198d9..a90ccd1 100644 --- a/src/svf/svf.c +++ b/src/svf/svf.c @@ -259,7 +259,7 @@ static void svf_hexbuf_print(int dbg_lvl, const char *file, unsigned line, int msbits = bit_len % 8; /* allocate 2 bytes per hex digit */ - char *prbuf = malloc((byte_len * 2) + 1); + char *prbuf = malloc((byte_len * 2) + 2 + 1); if (!prbuf) return; @@ -1034,6 +1034,19 @@ XXR_common: } i_tmp = xxr_para_tmp->len; xxr_para_tmp->len = atoi(argus[1]); + /* If we are to enlarge the buffers, all parts of xxr_para_tmp + * need to be freed */ + if (i_tmp < xxr_para_tmp->len) { + free(xxr_para_tmp->tdi); + xxr_para_tmp->tdi = NULL; + free(xxr_para_tmp->tdo); + xxr_para_tmp->tdo = NULL; + free(xxr_para_tmp->mask); + xxr_para_tmp->mask = NULL; + free(xxr_para_tmp->smask); + xxr_para_tmp->smask = NULL; + } + LOG_DEBUG("\tlength = %d", xxr_para_tmp->len); xxr_para_tmp->data_mask = 0; for (i = 2; i < num_of_argu; i += 2) { |