Fix a signedness bug when shifting bits; this caused the length field
of the packet to occasionally been misinterpreted as a negative number. When discarding a packet for being overly long, restart the state machine instead of attempting to drop a preposterous amount of data. It is unlikely in that case that preposterous amount of data would ever arrive, so rather attempt to re-align the reading algorithm (supposedly resulting in a timeout and retransmit). git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk@472 81a1dc3b-b13d-400b-aceb-764788c761c2
This commit is contained in:
Joerg Wunsch
parent
c51374cfe2
commit
949a24ec44
|
|
@ -1,3 +1,10 @@
|
||||||
|
2005-05-27 Joerg Wunsch <j@uriah.heep.sax.de>
|
||||||
|
|
||||||
|
* jtagmkII.c: fix a signedness bug when shifting bits; when
|
||||||
|
discarding a packet for being overly long, restart the state
|
||||||
|
machine instead of attempting to drop a preposterous amount
|
||||||
|
of data.
|
||||||
|
|
||||||
2005-05-19 Joerg Wunsch <j@uriah.heep.sax.de>
|
2005-05-19 Joerg Wunsch <j@uriah.heep.sax.de>
|
||||||
|
|
||||||
* avrdude.1:
|
* avrdude.1:
|
||||||
|
|
|
||||||
|
|
@ -99,9 +99,9 @@ b4_to_u32(unsigned char *b)
|
||||||
{
|
{
|
||||||
unsigned long l;
|
unsigned long l;
|
||||||
l = b[0];
|
l = b[0];
|
||||||
l += b[1] << 8;
|
l += (unsigned)b[1] << 8;
|
||||||
l += b[2] << 16;
|
l += (unsigned)b[2] << 16;
|
||||||
l += b[3] << 24;
|
l += (unsigned)b[3] << 24;
|
||||||
|
|
||||||
return l;
|
return l;
|
||||||
}
|
}
|
||||||
|
|
@ -120,7 +120,7 @@ b2_to_u16(unsigned char *b)
|
||||||
{
|
{
|
||||||
unsigned short l;
|
unsigned short l;
|
||||||
l = b[0];
|
l = b[0];
|
||||||
l += b[1] << 8;
|
l += (unsigned)b[1] << 8;
|
||||||
|
|
||||||
return l;
|
return l;
|
||||||
}
|
}
|
||||||
|
|
@ -411,7 +411,7 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
|
||||||
case sSEQNUM1:
|
case sSEQNUM1:
|
||||||
case sSEQNUM2:
|
case sSEQNUM2:
|
||||||
r_seqno >>= 8;
|
r_seqno >>= 8;
|
||||||
r_seqno |= (c << 8);
|
r_seqno |= ((unsigned)c << 8);
|
||||||
state++;
|
state++;
|
||||||
break;
|
break;
|
||||||
case sSIZE1:
|
case sSIZE1:
|
||||||
|
|
@ -419,7 +419,7 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
|
||||||
case sSIZE3:
|
case sSIZE3:
|
||||||
case sSIZE4:
|
case sSIZE4:
|
||||||
msglen >>= 8;
|
msglen >>= 8;
|
||||||
msglen |= (c << 24);
|
msglen |= ((unsigned)c << 24);
|
||||||
state++;
|
state++;
|
||||||
break;
|
break;
|
||||||
case sTOKEN:
|
case sTOKEN:
|
||||||
|
|
@ -430,7 +430,8 @@ static int jtagmkII_recv_frame(PROGRAMMER * pgm, unsigned char **msg,
|
||||||
"%s: jtagmkII_recv(): msglen %lu exceeds max message "
|
"%s: jtagmkII_recv(): msglen %lu exceeds max message "
|
||||||
"size %u, ignoring message\n",
|
"size %u, ignoring message\n",
|
||||||
progname, msglen, MAX_MESSAGE);
|
progname, msglen, MAX_MESSAGE);
|
||||||
ignorpkt++;
|
state = sSTART;
|
||||||
|
headeridx = 0;
|
||||||
} else if ((buf = malloc(msglen + 10)) == NULL) {
|
} else if ((buf = malloc(msglen + 10)) == NULL) {
|
||||||
fprintf(stderr, "%s: jtagmkII_recv(): out of memory\n",
|
fprintf(stderr, "%s: jtagmkII_recv(): out of memory\n",
|
||||||
progname);
|
progname);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue