auracaster/sw_openocd
3
0
Fork 0
forked from auracaster/openocd
Code Pull Requests Activity

target: fix wrap-around detection for read_memory/write_memory

Browse Source 
while at it change the order of checks for requested region sizes to
get rid of potential overflow during multiplication.

Change-Id: I97dac68e7024591cfd7abb70c8c62dff791298fe
Signed-off-by: Parshintsev Anatoly <anatoly.parshintsev@syntacore.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/8572
Tested-by: jenkins
Reviewed-by: zapb <dev@zapb.de>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
This commit is contained in:
Parshintsev Anatoly
2024-11-08 07:12:46 +03:00
committed by Antonio Borneo
parent a168c63412
commit 7837f508a5
1 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/target/target.c
View File

@@ -4447,15 +4447,17 @@ COMMAND_HANDLER(handle_target_read_memory)
return ERROR_COMMAND_ARGUMENT_INVALID;
}
const unsigned int width = width_bits / 8;
if ((addr + (count * width)) < addr) {
command_print(CMD, "read_memory: addr + count wraps to zero");
if (count > 65536) {
command_print(CMD, "read_memory: too large read request, exceeds 64K elements");
return ERROR_COMMAND_ARGUMENT_INVALID;
}
if (count > 65536) {
command_print(CMD, "read_memory: too large read request, exceeds 64K elements");
const unsigned int width = width_bits / 8;
/* -1 is needed to handle cases when (addr + count * width) results in zero
* due to overflow.
*/
if ((addr + count * width - 1) < addr) {
command_print(CMD, "read_memory: memory region wraps over address zero");
return ERROR_COMMAND_ARGUMENT_INVALID;
}
@@ -4584,15 +4586,19 @@ static int target_jim_write_memory(Jim_Interp *interp, int argc,
return JIM_ERR;
}
const unsigned int width = width_bits / 8;
if ((addr + (count * width)) < addr) {
Jim_SetResultString(interp, "write_memory: addr + len wraps to zero", -1);
if (count > 65536) {
Jim_SetResultString(interp,
"write_memory: too large memory write request, exceeds 64K elements", -1);
return JIM_ERR;
}
if (count > 65536) {
Jim_SetResultString(interp, "write_memory: too large memory write request, exceeds 64K elements", -1);
const unsigned int width = width_bits / 8;
/* -1 is needed to handle cases when (addr + count * width) results in zero
* due to overflow.
*/
if ((addr + count * width - 1) < addr) {
Jim_SetResultFormatted(interp,
"write_memory: memory region wraps over address zero");
return JIM_ERR;
}