avr/avrdude
2
0
Fork 0
mirror of https://github.com/mariusgreuel/avrdude.git synced 2025-12-13 09:24:55 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #924 from MCUdude/terminal-overflow-fix

Browse Source 
Fix terminal write buffer overflow issue
This commit is contained in:
Jörg Wunsch
2022-04-10 22:19:27 +02:00
committed by GitHub
parent abe7180bb8 1363c7fe76
commit 99a75701b1
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/term.c
View File

@@ -373,7 +373,8 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
return -1; return -1;
} }
uint8_t * buf = malloc(mem->size + 0x10); // Allocate a buffer guaranteed to be large enough
uint8_t * buf = calloc(mem->size + 0x10 + strlen(argv[argc - 2]), sizeof(uint8_t));
if (buf == NULL) { if (buf == NULL) {
avrdude_message(MSG_INFO, "%s (write): out of memory\n", progname); avrdude_message(MSG_INFO, "%s (write): out of memory\n", progname);
return -1; return -1;
@@ -535,6 +536,10 @@ static int cmd_write(PROGRAMMER * pgm, struct avrpart * p,
buf[i - start_offset + ++data.bytes_grown] = data.a[7]; buf[i - start_offset + ++data.bytes_grown] = data.a[7];
} }
} }
// Make sure buf does not overflow
if (i - start_offset + data.bytes_grown > maxsize)
break;
} }
// When in "fill" mode, the maximum size is already predefined // When in "fill" mode, the maximum size is already predefined