From dcf771424b0e84f216e08479d09db0001586b079 Mon Sep 17 00:00:00 2001
From: MCUdude <hansibull@gmail.com>
Date: Fri, 18 Mar 2022 19:17:17 +0100
Subject: [PATCH 1/3] Increase buffer size to prevent potential overflow

---
 src/term.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/term.c b/src/term.c
index ba0cf5cf..991ff92d 100644
--- a/src/term.c
+++ b/src/term.c
@@ -364,7 +364,7 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
     return -1;
   }
 
-  uint8_t * buf = malloc(mem->size);
+  uint8_t * buf = malloc(mem->size + 0x10);
   if (buf == NULL) {
     avrdude_message(MSG_INFO, "%s (write): out of memory\n", progname);
     return -1;

From 6a5988ad64f46983a055af2980d684e4e187813c Mon Sep 17 00:00:00 2001
From: MCUdude <hansibull@gmail.com>
Date: Fri, 18 Mar 2022 21:19:36 +0100
Subject: [PATCH 2/3] Print write info message when in verbose mode

---
 src/term.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/term.c b/src/term.c
index 991ff92d..9da8c855 100644
--- a/src/term.c
+++ b/src/term.c
@@ -506,6 +506,12 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
     return -1;
   }
 
+  avrdude_message(MSG_NOTICE, "Info: Writing %d bytes starting from address 0x%02x",
+                  len + data.bytes_grown, addr);
+  if (write_mode == WRITE_MODE_FILL)
+    avrdude_message(MSG_NOTICE, ". Remaining space filled with %s", argv[argc - 2]);
+  avrdude_message(MSG_NOTICE, "\n");
+
   pgm->err_led(pgm, OFF);
   bool werror = false;
   for (i = 0; i < (len + data.bytes_grown); i++) {

From 426ea1fa78699964e6229cacf03014541731917b Mon Sep 17 00:00:00 2001
From: MCUdude <hansibull@gmail.com>
Date: Fri, 18 Mar 2022 21:20:58 +0100
Subject: [PATCH 3/3] Add missing free()'s

---
 src/term.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/term.c b/src/term.c
index 9da8c855..1a6b64ec 100644
--- a/src/term.c
+++ b/src/term.c
@@ -378,6 +378,7 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
     if (*end_ptr || (end_ptr == argv[3])) {
       avrdude_message(MSG_INFO, "%s (write ...): can't parse address \"%s\"\n",
             progname, argv[3]);
+      free(buf);
       return -1;
     }
   } else {
@@ -503,6 +504,7 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
     avrdude_message(MSG_INFO, "%s (write): selected address and # bytes exceed "
                     "range for %s memory\n",
                     progname, memtype);
+    free(buf);
     return -1;
   }