* jtag3.c (jtag3_initialize): Fix a buffer overflow by limiting
the flash page cache size to at most "readsize". For Xmegas with a page size of 512 bytes, the maximum USB packet size was overflowed, and subsequently, a memmove copied beyond the end of the allocated buffer. * jtag3.c (jtag3_read_byte): Add the correct offset also for the various flash regions, so reading the apptable or boot regions yields the correct data. git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk@1237 81a1dc3b-b13d-400b-aceb-764788c761c2
This commit is contained in:
parent
eb3660e618
commit
8f6c6fc28f
|
@ -1,3 +1,14 @@
|
|||
2013-09-17 Joerg Wunsch <j.gnu@uriah.heep.sax.de>
|
||||
|
||||
* jtag3.c (jtag3_initialize): Fix a buffer overflow by limiting
|
||||
the flash page cache size to at most "readsize". For Xmegas with
|
||||
a page size of 512 bytes, the maximum USB packet size was
|
||||
overflowed, and subsequently, a memmove copied beyond the end of
|
||||
the allocated buffer.
|
||||
* jtag3.c (jtag3_read_byte): Add the correct offset also for the
|
||||
various flash regions, so reading the apptable or boot regions
|
||||
yields the correct data.
|
||||
|
||||
2013-09-16 Joerg Wunsch <j.gnu@uriah.heep.sax.de>
|
||||
|
||||
Submitted by Joakim Lubeck:
|
||||
|
|
|
@ -802,7 +802,10 @@ static int jtag3_initialize(PROGRAMMER * pgm, AVRPART * p)
|
|||
for (ln = lfirst(p->mem); ln; ln = lnext(ln)) {
|
||||
m = ldata(ln);
|
||||
if (strcmp(m->desc, "flash") == 0) {
|
||||
PDATA(pgm)->flash_pagesize = m->page_size;
|
||||
if (m->readsize != 0 && m->readsize < m->page_size)
|
||||
PDATA(pgm)->flash_pagesize = m->readsize;
|
||||
else
|
||||
PDATA(pgm)->flash_pagesize = m->page_size;
|
||||
u16_to_b2(xd.flash_page_size, m->page_size);
|
||||
} else if (strcmp(m->desc, "eeprom") == 0) {
|
||||
PDATA(pgm)->eeprom_pagesize = m->page_size;
|
||||
|
@ -843,7 +846,10 @@ static int jtag3_initialize(PROGRAMMER * pgm, AVRPART * p)
|
|||
for (ln = lfirst(p->mem); ln; ln = lnext(ln)) {
|
||||
m = ldata(ln);
|
||||
if (strcmp(m->desc, "flash") == 0) {
|
||||
PDATA(pgm)->flash_pagesize = m->page_size;
|
||||
if (m->readsize != 0 && m->readsize < m->page_size)
|
||||
PDATA(pgm)->flash_pagesize = m->readsize;
|
||||
else
|
||||
PDATA(pgm)->flash_pagesize = m->page_size;
|
||||
u16_to_b2(md.flash_page_size, m->page_size);
|
||||
u32_to_b4(md.flash_size, (flashsize = m->size));
|
||||
// do we need it? just a wild guess
|
||||
|
@ -1421,6 +1427,7 @@ static int jtag3_read_byte(PROGRAMMER * pgm, AVRPART * p, AVRMEM * mem,
|
|||
strcmp(mem->desc, "application") == 0 ||
|
||||
strcmp(mem->desc, "apptable") == 0 ||
|
||||
strcmp(mem->desc, "boot") == 0) {
|
||||
addr += mem->offset & (512 * 1024 - 1); /* max 512 KiB flash */
|
||||
pagesize = PDATA(pgm)->flash_pagesize;
|
||||
paddr = addr & ~(pagesize - 1);
|
||||
paddr_ptr = &PDATA(pgm)->flash_pageaddr;
|
||||
|
|
Loading…
Reference in New Issue