author | Andreas Fritiofson <andreas.fritiofson@gmail.com> | 2014-03-06 22:06:59 +0100 |
---|---|---|
committer | Spencer Oliver <spen@spen-soft.co.uk> | 2014-03-07 11:40:55 +0000 |
commit | 3560c8e06b221b4d3f23f4844b8f5cd254c605c2 (patch) | |
tree | 491d33550d6c223d26eae1eaea12748e196e208c /src/server | |
parent | 35fdbdcecd4fb829e6f31bfd95b874979e0abd6f (diff) |
gdb_server: Fix segfault in (and rewrite) decode_xfer_read
Introduced by 537b06a81 (free non-malloced memory).
Rewrite to use standard C string routines and make returning annex
optional since it's not currently used.
Change-Id: Idf3698a482dfeff7fa5ea1660fd89122eb80b68d
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/2023
Tested-by: jenkins
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Diffstat (limited to 'src/server')
-rw-r--r-- | src/server/gdb_server.c | 48 |
1 files changed, 18 insertions, 30 deletions
diff --git a/src/server/gdb_server.c b/src/server/gdb_server.c
index e417bf45..f2d0a46f 100644
--- a/src/server/gdb_server.c
+++ b/src/server/gdb_server.c
@@ -1669,41 +1669,31 @@ static void xml_printf(int *retval, char **xml, int *pos, int *size,
 }
 }
-static int decode_xfer_read(char const *_buf, char **annex, int *ofs, unsigned int *len)
+static int decode_xfer_read(char const *buf, char **annex, int *ofs, unsigned int *len)
 {
- int ret = 0;
- char *buf = strdup(_buf);
- char *_annex;
- char *separator;
-
- /* Extract and NUL-terminate the annex. */
- _annex = buf;
- while (*buf && *buf != ':')
- buf++;
- if (*buf == '\0') {
- ret = -1;
- goto out;
- }
- *buf++ = 0;
-
- /* Return annex as copy because "buf" will be freed in this function */
- *annex = strdup(_annex);
+ /* Locate the annex. */
+ const char *annex_end = strchr(buf, ':');
+ if (annex_end == NULL)
+ return ERROR_FAIL;
 /* After the read marker and annex, qXfer looks like a
 * traditional 'm' packet. */
+ char *separator;
+ *ofs = strtoul(annex_end + 1, &separator, 16);
- *ofs = strtoul(buf, &separator, 16);
-
- if (*separator != ',') {
- ret = -1;
- goto out;
- }
+ if (*separator != ',')
+ return ERROR_FAIL;
 *len = strtoul(separator + 1, NULL, 16);
-out:
- free(buf);
- return ret;
+ /* Extract the annex if needed */
+ if (annex != NULL) {
+ *annex = strndup(buf, annex_end - buf);
+ if (*annex == NULL)
+ return ERROR_FAIL;
+ }
+
+ return ERROR_OK;
 }
 static int compare_bank(const void *a, const void *b)
@@ -2387,16 +2377,14 @@ static int gdb_query_packet(struct connection *connection,
 int offset;
 unsigned int length;
- char *annex = NULL;
 /* skip command character */
 packet += 20;
- if (decode_xfer_read(packet, &annex, &offset, &length) < 0) {
+ if (decode_xfer_read(packet, NULL, &offset, &length) < 0) {
 gdb_send_error(connection, 01);
 return ERROR_OK;
 }
- free(annex);
 /* Target should prepare correct target description for annex.
 * The first character of returned xml is 'm' or 'l'. 'm' for |
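Review bot: In the rewritten decode_xfer_read, both `strtoul()` results are stored without checking that any digits were consumed or that the value fits the destination. The offset goes from `unsigned long` into an `int`, so a value above INT_MAX is converted in an implementation-defined way, and the length is parsed with a NULL end pointer, so an empty or non-hex field silently becomes 0. The packet text appears to come from the connected GDB client, and how `offset` and `length` are used afterwards is outside this hunk, so rejecting malformed or out-of-range fields here is the safer contract. The sketch below needs `errno.h` and `limits.h` if the file does not already include them.

```c
	/* … unchanged: strchr() lookup of annex_end … */
	char *separator;
	errno = 0;
	unsigned long value = strtoul(annex_end + 1, &separator, 16);
	if (separator == annex_end + 1 || *separator != ',' ||
			errno == ERANGE || value > INT_MAX)
		return ERROR_FAIL;
	*ofs = (int)value;

	char *len_end;
	errno = 0;
	value = strtoul(separator + 1, &len_end, 16);
	if (len_end == separator + 1 || errno == ERANGE || value > UINT_MAX)
		return ERROR_FAIL;
	*len = (unsigned int)value;
	/* … unchanged: optional strndup() of the annex, return ERROR_OK … */
```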
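Review bot: The call site in gdb_query_packet still tests the result with `< 0`, although the rewritten decode_xfer_read now returns ERROR_OK or ERROR_FAIL; the test is only right if ERROR_FAIL is negative, which these lines do not show. Comparing against the success code removes that dependency: `if (decode_xfer_read(packet, NULL, &offset, &length) != ERROR_OK) {`. Because the annex is now discarded, a short comment at the call would help the next reader, for example `/* annex is only syntax-checked; its value is ignored */`. gdb_query_packet starts and ends outside the hunk.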