avr
/
avrdude
mirror of https://github.com/mariusgreuel/avrdude.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

* jtag3.c (jtag3_initialize): Fix a buffer overflow by limiting 

the flash page cache size to at most "readsize".  For Xmegas with
a page size of 512 bytes, the maximum USB packet size was
overflowed, and subsequently, a memmove copied beyond the end of
the allocated buffer.
* jtag3.c (jtag3_read_byte): Add the correct offset also for the
various flash regions, so reading the apptable or boot regions
yields the correct data.



git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk/avrdude@1237 81a1dc3b-b13d-400b-aceb-764788c761c2
This commit is contained in:
joerg_wunsch 2013-09-17 15:06:35 +00:00
parent 05bff44a6e
commit 7023e2345c
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -1,3 +1,14 @@
2013-09-17 Joerg Wunsch <j.gnu@uriah.heep.sax.de>
* jtag3.c (jtag3_initialize): Fix a buffer overflow by limiting
the flash page cache size to at most "readsize". For Xmegas with
a page size of 512 bytes, the maximum USB packet size was
overflowed, and subsequently, a memmove copied beyond the end of
the allocated buffer.
* jtag3.c (jtag3_read_byte): Add the correct offset also for the
various flash regions, so reading the apptable or boot regions
yields the correct data.
2013-09-16 Joerg Wunsch <j.gnu@uriah.heep.sax.de>
Submitted by Joakim Lubeck:

11
jtag3.c
View File

@ -802,7 +802,10 @@ static int jtag3_initialize(PROGRAMMER * pgm, AVRPART * p)
for (ln = lfirst(p->mem); ln; ln = lnext(ln)) {
m = ldata(ln);
if (strcmp(m->desc, "flash") == 0) {
PDATA(pgm)->flash_pagesize = m->page_size;
if (m->readsize != 0 && m->readsize < m->page_size)
PDATA(pgm)->flash_pagesize = m->readsize;
else
PDATA(pgm)->flash_pagesize = m->page_size;
u16_to_b2(xd.flash_page_size, m->page_size);
} else if (strcmp(m->desc, "eeprom") == 0) {
PDATA(pgm)->eeprom_pagesize = m->page_size;
@ -843,7 +846,10 @@ static int jtag3_initialize(PROGRAMMER * pgm, AVRPART * p)
for (ln = lfirst(p->mem); ln; ln = lnext(ln)) {
m = ldata(ln);
if (strcmp(m->desc, "flash") == 0) {
PDATA(pgm)->flash_pagesize = m->page_size;
if (m->readsize != 0 && m->readsize < m->page_size)
PDATA(pgm)->flash_pagesize = m->readsize;
else
PDATA(pgm)->flash_pagesize = m->page_size;
u16_to_b2(md.flash_page_size, m->page_size);
u32_to_b4(md.flash_size, (flashsize = m->size));
// do we need it? just a wild guess
@ -1421,6 +1427,7 @@ static int jtag3_read_byte(PROGRAMMER * pgm, AVRPART * p, AVRMEM * mem,
strcmp(mem->desc, "application") == 0 ||
strcmp(mem->desc, "apptable") == 0 ||
strcmp(mem->desc, "boot") == 0) {
addr += mem->offset & (512 * 1024 - 1); /* max 512 KiB flash */
pagesize = PDATA(pgm)->flash_pagesize;
paddr = addr & ~(pagesize - 1);
paddr_ptr = &PDATA(pgm)->flash_pageaddr;