[Openocd-development] Bug in core.c::jtag_unregister_event_callback()

Tue, 07 Dec 2010 10:08:44 -0800 

Hi,

I believe I've found a bug or two in jtag_unregister_event_callback().
273 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l273> int jtag_register_event_callback(jtag_event_handler_t callback, void *priv) 274 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l274> { 
...
311 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l311> next = &((*callbacks_p)->next); 
...
316 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l316> if ((*callbacks_p)->callback == callback) 317 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l317> { 318 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l318> free(*callbacks_p); 319 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l319> *callbacks_p = *next; 320 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l320> }
The assignment after the free() call is accessing the callback structure that has just been freed. Also, the assignment on line 319 doesn't account for the next increment in the for statement.
307 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l307> for (callbacks_p = &jtag_event_callbacks; 308 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l308> *callbacks_p != NULL; 309 <http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=blob;f=src/jtag/core.c;h=c1b64bba41b040ae8bdbea7d3dde302cdea6ffa5;hb=HEAD#l309> callbacks_p = next)
I have fixed and verified on my build but am unfamiliar with submission procedures. I'm happy to contribute with a little guidance. 

Regards,

Paul


_______________________________________________
Openocd-development mailing list
Openocd-development@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/openocd-development

Reply via email to