Command
mdw 0 0x40000000
triggers Segmentation fault on an arm.
Size parameter is a nonsence that may happen e.g. if you
mistype mdw instead of mww.
Add checking for calloc() NULL return in mdb/h/w.
Use calloc() instead of malloc() as multiplication
count * sizeof(uint32_t) overflows for size >= 0x40000000.
Change-Id: I968c944d863d1173ef932a7077d526fccb9381ae
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4349
Tested-by: jenkins
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
/* Allocate buffer to hold the sequence of DRW reads that will be made. This is a significant
* over-allocation if packed transfers are going to be used, but determining the real need at
* this point would be messy. */
- uint32_t *read_buf = malloc(count * sizeof(uint32_t));
+ uint32_t *read_buf = calloc(count, sizeof(uint32_t));
+ /* Multiplication count * sizeof(uint32_t) may overflow, calloc() is safe */
uint32_t *read_ptr = read_buf;
if (read_buf == NULL) {
LOG_ERROR("Failed to allocate read buffer");
COMMAND_PARSE_NUMBER(uint, CMD_ARGV[1], count);
uint8_t *buffer = calloc(count, size);
+ if (buffer == NULL) {
+ LOG_ERROR("Failed to allocate md read buffer");
+ return ERROR_FAIL;
+ }
struct target *target = get_current_target(CMD_CTX);
int retval = fn(target, address, size, count, buffer);
projects / openocd / commitdiff