authorAndreas Fritiofson <andreas.fritiofson@gmail.com>2014-03-06 22:06:59 +0100
committerSpencer Oliver <spen@spen-soft.co.uk>2014-03-07 11:40:55 +0000
commit3560c8e06b221b4d3f23f4844b8f5cd254c605c2 (patch)
tree491d33550d6c223d26eae1eaea12748e196e208c
parent35fdbdcecd4fb829e6f31bfd95b874979e0abd6f (diff)
gdb_server: Fix segfault in (and rewrite) decode_xfer_read
Introduced by 537b06a81 (free non-malloced memory). Rewrite to use standard C string routines and make returning annex optional since it's not currently used. Change-Id: Idf3698a482dfeff7fa5ea1660fd89122eb80b68d Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com> Reviewed-on: http://openocd.zylin.com/2023 Tested-by: jenkins Reviewed-by: Paul Fertser <fercerpav@gmail.com> Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
-rw-r--r--src/server/gdb_server.c48
1 files changed, 18 insertions, 30 deletions
diff --git a/src/server/gdb_server.c b/src/server/gdb_server.c
index e417bf45..f2d0a46f 100644
--- a/src/server/gdb_server.c
+++ b/src/server/gdb_server.c
@@ -1669,41 +1669,31 @@ static void xml_printf(int *retval, char **xml, int *pos, int *size,
}
}
-static int decode_xfer_read(char const *_buf, char **annex, int *ofs, unsigned int *len)
+static int decode_xfer_read(char const *buf, char **annex, int *ofs, unsigned int *len)
{
- int ret = 0;
- char *buf = strdup(_buf);
- char *_annex;
- char *separator;
-
- /* Extract and NUL-terminate the annex. */
- _annex = buf;
- while (*buf && *buf != ':')
- buf++;
- if (*buf == '\0') {
- ret = -1;
- goto out;
- }
- *buf++ = 0;
-
- /* Return annex as copy because "buf" will be freed in this function */
- *annex = strdup(_annex);
+ /* Locate the annex. */
+ const char *annex_end = strchr(buf, ':');
+ if (annex_end == NULL)
+ return ERROR_FAIL;
/* After the read marker and annex, qXfer looks like a
* traditional 'm' packet. */
+ char *separator;
+ *ofs = strtoul(annex_end + 1, &separator, 16);
- *ofs = strtoul(buf, &separator, 16);
-
- if (*separator != ',') {
- ret = -1;
- goto out;
- }
+ if (*separator != ',')
+ return ERROR_FAIL;
*len = strtoul(separator + 1, NULL, 16);
-out:
- free(buf);
- return ret;
+ /* Extract the annex if needed */
+ if (annex != NULL) {
+ *annex = strndup(buf, annex_end - buf);
+ if (*annex == NULL)
+ return ERROR_FAIL;
+ }
+
+ return ERROR_OK;
}
static int compare_bank(const void *a, const void *b)
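Review bot: The two `strtoul` calls in the new `decode_xfer_read` take the offset and length fields of the qXfer packet without validating them: an empty offset field (`separator == annex_end + 1`) silently parses as 0, the `unsigned long` results are narrowed into `int *ofs` and `unsigned int *len` with no range check, and anything following the length digits is ignored. These fields come from whatever client is attached to the GDB port, so I would parse into a local `unsigned long`, reject values above `INT_MAX` (and `ERANGE`) before assigning to `*ofs`, give the second call an end pointer, and tighten the separator test to `if (separator == annex_end + 1 || *separator != ',') return ERROR_FAIL;`. How the caller bounds `offset` and `length` against the reply buffer is not visible in this hunk, so a negative or oversized offset may or may not be caught later. A one-line comment on the function stating that `*annex`, when requested, is heap-allocated and must be freed by the caller would also help, given that the bug being fixed here was a bad `free`.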
@@ -2387,16 +2377,14 @@ static int gdb_query_packet(struct connection *connection,
int offset;
unsigned int length;
- char *annex = NULL;
/* skip command character */
packet += 20;
- if (decode_xfer_read(packet, &annex, &offset, &length) < 0) {
+ if (decode_xfer_read(packet, NULL, &offset, &length) < 0) {
gdb_send_error(connection, 01);
return ERROR_OK;
}
- free(annex);
/* Target should prepare correct target description for annex.
* The first character of returned xml is 'm' or 'l'. 'm' for