[Openocd-development] stack corruption loading IHex

Tue, 27 Oct 2009 09:36:22 -0700 

Hello all, 
I've found a stack corruption loading an Hex file. 
The Hex parser uses a fixed number of sections. 
If the number of sections in the file is greater the ligne buffer get
corrupted  and an CHECKSUM ERROR is detected which is very confusing. The
patch below prints a more correct message. To read my file (
Primer2_Circle_Factory.hex) i had also to increase IMAGE_MAX_SECTIONS (491
sections in the file).
Regards, 
F.HÉRÉSON 
franck dot hereson  at secad  dot fr 
http://www.secad.fr 
  


Index: C:/msys/1.0/home/franck/openocd/src/target/image.c 
=================================================================== 
--- C:/msys/1.0/home/franck/openocd/src/target/image.c (revision 2811) 
+++ C:/msys/1.0/home/franck/openocd/src/target/image.c (working copy) 
@@ -196,6 +196,12 @@ 
     if (section[image->num_sections].size != 0) 
     { 
      image->num_sections++; 
+     if( image->num_sections >= IMAGE_MAX_SECTIONS) 
+      { 
+       /* too much sections */ 
+       LOG_ERROR("Too much sections found in IHEX file"); 
+       return ERROR_IMAGE_CHECKSUM; 
+      }    
      section[image->num_sections].size = 0x0; 
      section[image->num_sections].flags = 0; 
      section[image->num_sections].private = &ihex->buffer[cooked_bytes]; 
@@ -252,6 +258,12 @@ 
     if (section[image->num_sections].size != 0) 
     { 
      image->num_sections++; 
+     if( image->num_sections >= IMAGE_MAX_SECTIONS) 
+      { 
+       /* too much sections */ 
+       LOG_ERROR("Too much sections found in IHEX file"); 
+       return ERROR_IMAGE_CHECKSUM; 
+      } 
      section[image->num_sections].size = 0x0; 
      section[image->num_sections].flags = 0; 
      section[image->num_sections].private = &ihex->buffer[cooked_bytes]; 
@@ -292,6 +304,12 @@ 
     if (section[image->num_sections].size != 0) 
     { 
      image->num_sections++; 
+     if( image->num_sections >= IMAGE_MAX_SECTIONS) 
+      { 
+       /* too much sections */ 
+       LOG_ERROR("Too much sections found in IHEX file"); 
+       return ERROR_IMAGE_CHECKSUM; 
+      } 
      section[image->num_sections].size = 0x0; 
      section[image->num_sections].flags = 0; 
      section[image->num_sections].private = &ihex->buffer[cooked_bytes]; 


 

_______________________________________________
Openocd-development mailing list
Openocd-development@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/openocd-development

Reply via email to