Fix a signedness bug when shifting bits; this caused the length field
of the packet to occasionally been misinterpreted as a negative number. When discarding a packet for being overly long, restart the state machine instead of attempting to drop a preposterous amount of data. It is unlikely in that case that preposterous amount of data would ever arrive, so rather attempt to re-align the reading algorithm (supposedly resulting in a timeout and retransmit). git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk/avrdude@472 81a1dc3b-b13d-400b-aceb-764788c761c2
This commit is contained in:
Joerg Wunsch
parent
e7df01c555
commit
2be5a10ed8
|
|
@ -1,3 +1,10 @@
|
|||
2005-05-27 Joerg Wunsch <j@uriah.heep.sax.de>
|
||||
|
||||
* jtagmkII.c: fix a signedness bug when shifting bits; when
|
||||
discarding a packet for being overly long, restart the state
|
||||
machine instead of attempting to drop a preposterous amount
|
||||
of data.
|
||||
|
||||
2005-05-19 Joerg Wunsch <j@uriah.heep.sax.de>
|
||||
|
||||
* avrdude.1:
|
||||
|
|
|
|||
15
jtagmkII.c
15
jtagmkII.c
|
|
@ -99,9 +99,9 @@ b4_to_u32(unsigned char *b)
|
|||
{
|
||||
unsigned long l;
|
||||
l = b[0];
|
||||
l += b[1] << 8;
|
||||
l += b[2] << 16;
|
||||
l += b[3] << 24;
|
||||
l += (unsigned)b[1] << 8;
|
||||
l += (unsigned)b[2] << 16;
|
||||
l += (unsigned)b[3] << 24;
|
||||
|
||||
return l;
|
||||
}
|
||||
|
|
@ -120,7 +120,7 @@ b2_to_u16(unsigned char *b)
|
|||
{
|
||||
unsigned short l;
|
||||
l = b[0];
|
||||
l += b[1] << 8;
|
||||
l += (unsigned)b[1] << 8;
|
||||
|
||||
return l;
|
||||
}
|
||||
|
|
@ -411,7 +411,7 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
|
|||
case sSEQNUM1:
|
||||
case sSEQNUM2:
|
||||
r_seqno >>= 8;
|
||||
r_seqno |= (c << 8);
|
||||
r_seqno |= ((unsigned)c << 8);
|
||||
state++;
|
||||
break;
|
||||
case sSIZE1:
|
||||
|
|
@ -419,7 +419,7 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
|
|||
case sSIZE3:
|
||||
case sSIZE4:
|
||||
msglen >>= 8;
|
||||
msglen |= (c << 24);
|
||||
msglen |= ((unsigned)c << 24);
|
||||
state++;
|
||||
break;
|
||||
case sTOKEN:
|
||||
|
|
@ -430,7 +430,8 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
|
|||
"%s: jtagmkII_recv(): msglen %lu exceeds max message "
|
||||
"size %u, ignoring message\n",
|
||||
progname, msglen, MAX_MESSAGE);
|
||||
ignorpkt++;
|
||||
state = sSTART;
|
||||
headeridx = 0;
|
||||
} else if ((buf = malloc(msglen + 10)) == NULL) {
|
||||
fprintf(stderr, "%s: jtagmkII_recv(): out of memory\n",
|
||||
progname);
|
||||
|
|
|
|||
Loading…
Reference in New Issue