avr/avrdude
2
0
Fork 0
mirror of https://github.com/mariusgreuel/avrdude.git synced 2025-09-28 06:55:27 +00:00
Code Issues Projects Releases Wiki Activity

Fix buffer overflow issue

Browse Source 
when in terminal fill mode
This commit is contained in:
MCUdude
2022-04-09 20:08:44 +02:00
parent 7e26a15375
commit 1363c7fe76
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/term.c
View File

@@ -373,7 +373,8 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
return -1;
}
uint8_t * buf = malloc(mem->size + 0x10);
// Allocate a buffer guaranteed to be large enough
uint8_t * buf = calloc(mem->size + 0x10 + strlen(argv[argc - 2]), sizeof(uint8_t));
if (buf == NULL) {
avrdude_message(MSG_INFO, "%s (write): out of memory\n", progname);
return -1;
@@ -535,6 +536,10 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
buf[i - start_offset + ++data.bytes_grown] = data.a[7];
}
}
// Make sure buf does not overflow
if (i - start_offset + data.bytes_grown > maxsize)
break;
}
// When in "fill" mode, the maximum size is already predefined