From 09d754b9fd6c3d414ac5055c6f3fb0359374e53a Mon Sep 17 00:00:00 2001
From: joerg_wunsch
Date: Fri, 27 May 2005 12:15:28 +0000
Subject: [PATCH] Fix a signedness bug when shifting bits; this caused the length field of the packet to occasionally been misinterpreted as a negative number. When discarding a packet for being overly long, restart the state machine instead of attempting to drop a preposterous amount of data. It is unlikely in that case that preposterous amount of data would ever arrive, so rather attempt to re-align the reading algorithm (supposedly resulting in a timeout and retransmit).
git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk/avrdude@472 81a1dc3b-b13d-400b-aceb-764788c761c2
---
 ChangeLog | 7 +++++++
 jtagmkII.c | 15 ++++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b7fc77dc..e47d7367 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2005-05-27 Joerg Wunsch
+
+ * jtagmkII.c: fix a signedness bug when shifting bits; when
+ discarding a packet for being overly long, restart the state
+ machine instead of attempting to drop a preposterous amount
+ of data.
+
 2005-05-19 Joerg Wunsch
 * avrdude.1:
diff --git a/jtagmkII.c b/jtagmkII.c
index 41934e03..c99bf0e2 100644
--- a/jtagmkII.c
+++ b/jtagmkII.c
@@ -99,9 +99,9 @@ b4_to_u32(unsigned char *b)
 {
 unsigned long l;
 l = b[0];
- l += b[1] << 8;
- l += b[2] << 16;
- l += b[3] << 24;
+ l += (unsigned)b[1] << 8;
+ l += (unsigned)b[2] << 16;
+ l += (unsigned)b[3] << 24;
 return l;
 }
@@ -120,7 +120,7 @@ b2_to_u16(unsigned char *b)
 {
 unsigned short l;
 l = b[0];
- l += b[1] << 8;
+ l += (unsigned)b[1] << 8;
 return l;
 }
@@ -411,7 +411,7 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
 case sSEQNUM1:
 case sSEQNUM2:
 r_seqno >>= 8;
- r_seqno |= (c << 8);
+ r_seqno |= ((unsigned)c << 8);
 state++;
 break;
 case sSIZE1:
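Review bot: The new casts in b4_to_u32 go to `unsigned` while the accumulator `l` is `unsigned long`, so the fix still depends on int being at least 32 bits wide; casting to the destination type, e.g. `l += (unsigned long)b[3] << 24;` (and likewise for the `<< 8` and `<< 16` lines), removes that assumption. The same applies to `msglen |= ((unsigned)c << 24);` in the sSIZE hunk of jtagmkII_recv_frame, where msglen is printed with `%lu` and is therefore presumably an unsigned long. Because these helpers decode length fields that arrive from the device, a short comment on b4_to_u32 and b2_to_u16 stating the little-endian byte order and that the result is not range-checked here would help callers. The return-type line of b4_to_u32 lies above the hunk.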
@@ -419,7 +419,7 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
 case sSIZE3:
 case sSIZE4:
 msglen >>= 8;
- msglen |= (c << 24);
+ msglen |= ((unsigned)c << 24);
 state++;
 break;
 case sTOKEN:
@@ -430,7 +430,8 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
 "%s: jtagmkII_recv(): msglen %lu exceeds max message "
 "size %u, ignoring message\n",
 progname, msglen, MAX_MESSAGE);
- ignorpkt++;
+ state = sSTART;
+ headeridx = 0;
 } else if ((buf = malloc(msglen + 10)) == NULL) {
 fprintf(stderr, "%s: jtagmkII_recv(): out of memory\n",
 progname);
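Review bot: The new reset branch in the last hunk has no comment saying why the parser resynchronises instead of skipping, and that reasoning currently lives only in the commit message. Since `msglen` is taken straight from the wire, I would add above `state = sSTART;` something like `/* length field is untrusted: resync on the next start byte instead of skipping msglen bytes */`. If this was the only place `ignorpkt` was incremented, any skip handling keyed on it elsewhere in jtagmkII_recv_frame is now dead and could be removed in the same change; that code is outside the hunk, so this is a guess. The enclosing function starts and ends outside the hunk.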