From 8262e8a2c03efa5ddcb780da7174210b4c5da7ca Mon Sep 17 00:00:00 2001 From: xuguangxiao Date: Tue, 23 Oct 2018 15:43:11 +0800 Subject: [PATCH] jtag/bitq: array boundary overflow The for loop inside bitq_path_move function is not correct, this will overflow the cmd->path array and produces an unpredictable result. Change-Id: I81e3bc9ee6d1dd948acd2fe4c667103ac22bb26f Signed-off-by: xuguangxiao Reviewed-on: http://openocd.zylin.com/4733 Tested-by: jenkins Reviewed-by: Tomas Vanek --- src/jtag/drivers/bitq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jtag/drivers/bitq.c b/src/jtag/drivers/bitq.c index 66285f70..55dfe0aa 100644 --- a/src/jtag/drivers/bitq.c +++ b/src/jtag/drivers/bitq.c @@ -123,7 +123,7 @@ static void bitq_path_move(struct pathmove_command *cmd) { int i; - for (i = 0; i <= cmd->num_states; i++) { + for (i = 0; i < cmd->num_states; i++) { if (tap_state_transition(tap_get_state(), false) == cmd->path[i]) bitq_io(0, 0, 0); else if (tap_state_transition(tap_get_state(), true) == cmd->path[i]) -- 2.39.5