From 80f78acf7350ca9f812b520ec80f9bc6159d7f0c Mon Sep 17 00:00:00 2001 From: Joerg Fischer Date: Sun, 10 Feb 2013 21:45:30 +0100 Subject: [PATCH] Fix buffer overflow in versaloon interface The USB buffer will need space for both TMS and TDI buffers. Each holds tap_buffer_size bytes maximum, so tap_buffer_size must be smaller than half of usb buf_size. Change-Id: Id8f39936a894cbd98deb89eec5a859aef1e2b783 Signed-off-by: Joerg Fischer Reviewed-on: http://openocd.zylin.com/1136 Tested-by: jenkins Reviewed-by: simon qian Reviewed-by: Spencer Oliver --- src/jtag/drivers/vsllink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jtag/drivers/vsllink.c b/src/jtag/drivers/vsllink.c index 1c0c3e1e..b9bda5d1 100644 --- a/src/jtag/drivers/vsllink.c +++ b/src/jtag/drivers/vsllink.c @@ -302,7 +302,7 @@ static int vsllink_init(void) } /* malloc buffer size for tap */ - tap_buffer_size = versaloon_interface.usb_setting.buf_size - 32; + tap_buffer_size = versaloon_interface.usb_setting.buf_size / 2 - 32; vsllink_free_buffer(); tdi_buffer = (uint8_t *)malloc(tap_buffer_size); tdo_buffer = (uint8_t *)malloc(tap_buffer_size); -- 2.39.5