projects
/
fw
/
openocd
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
gdb server: Fix buffer overrun - sprintf appends a terminating null to the data which...
[fw/openocd]
/
src
/
server
/
gdb_server.c
diff --git
a/src/server/gdb_server.c
b/src/server/gdb_server.c
index b643ae706b13e41115c7a9c9d27d02ac1ae52496..cb96bf29fdec8c62ab88861401e88c99444cd6f6 100644
(file)
--- a/
src/server/gdb_server.c
+++ b/
src/server/gdb_server.c
@@
-978,7
+978,7
@@
static int gdb_get_registers_packet(struct connection *connection,
assert(reg_packet_size > 0);
assert(reg_packet_size > 0);
- reg_packet = malloc(reg_packet_size
);
+ reg_packet = malloc(reg_packet_size
+ 1); /* plus one for string termination null */
reg_packet_p = reg_packet;
for (i = 0; i < reg_list_size; i++) {
reg_packet_p = reg_packet;
for (i = 0; i < reg_list_size; i++) {
@@
-1085,7
+1085,7
@@
static int gdb_get_register_packet(struct connection *connection,
if (!reg_list[reg_num]->valid)
reg_list[reg_num]->type->get(reg_list[reg_num]);
if (!reg_list[reg_num]->valid)
reg_list[reg_num]->type->get(reg_list[reg_num]);
- reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2
);
+ reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2
+ 1); /* plus one for string termination null */
gdb_str_to_target(target, reg_packet, reg_list[reg_num]);
gdb_str_to_target(target, reg_packet, reg_list[reg_num]);