patch #9732: usbtiny_paged_load overflows buffer e.g. when reading EEPROM

* usbtiny.c (usbtiny_paged_load, usbtiny_paged_write): ensure chunk
does not overflow memory area

Submitted by Joel Ray Holveck




git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk/avrdude@1444 81a1dc3b-b13d-400b-aceb-764788c761c2
This commit is contained in:
Joerg Wunsch 2020-09-18 21:16:13 +00:00
parent 3f5e101f09
commit 2c4f9d23b4
3 changed files with 14 additions and 0 deletions

View File

@ -1,3 +1,10 @@
2020-09-18 Joerg Wunsch <j.gnu@uriah.heep.sax.de>
Submitted by Joel Ray Holveck
patch #9732: usbtiny_paged_load overflows buffer e.g. when reading EEPROM
* usbtiny.c (usbtiny_paged_load, usbtiny_paged_write): ensure chunk
does not overflow memory area
2020-09-16 Joerg Wunsch <j.gnu@uriah.heep.sax.de> 2020-09-16 Joerg Wunsch <j.gnu@uriah.heep.sax.de>
Submitted by Adrian Klieber: Submitted by Adrian Klieber:

1
NEWS
View File

@ -72,6 +72,7 @@ Current:
patch #9819: Address several leaks in SVN rev 1429 patch #9819: Address several leaks in SVN rev 1429
patch #9820: Fix some out-of-bounds/uninitialized issues patch #9820: Fix some out-of-bounds/uninitialized issues
patch #9818: correct typos in SVN rev 1429 patch #9818: correct typos in SVN rev 1429
patch #9732: usbtiny_paged_load overflows buffer e.g. when reading EEPROM
* Internals: * Internals:
- New avrdude.conf keyword "family_id", used to verify SIB attributes - New avrdude.conf keyword "family_id", used to verify SIB attributes

View File

@ -641,6 +641,9 @@ static int usbtiny_paged_load (PROGRAMMER * pgm, AVRPART * p, AVRMEM* m,
for (; addr < maxaddr; addr += chunk) { for (; addr < maxaddr; addr += chunk) {
chunk = PDATA(pgm)->chunk_size; // start with the maximum chunk size possible chunk = PDATA(pgm)->chunk_size; // start with the maximum chunk size possible
if (addr + chunk > maxaddr) {
chunk = maxaddr - addr;
}
// Send the chunk of data to the USBtiny with the function we want // Send the chunk of data to the USBtiny with the function we want
// to perform // to perform
@ -696,6 +699,9 @@ static int usbtiny_paged_write(PROGRAMMER * pgm, AVRPART * p, AVRMEM * m,
for (; addr < maxaddr; addr += chunk) { for (; addr < maxaddr; addr += chunk) {
// start with the max chunk size // start with the max chunk size
chunk = PDATA(pgm)->chunk_size; chunk = PDATA(pgm)->chunk_size;
if (addr + chunk > maxaddr) {
chunk = maxaddr - addr;
}
// we can only write a page at a time anyways // we can only write a page at a time anyways
if (m->paged && chunk > page_size) if (m->paged && chunk > page_size)