gdb server: Fix buffer overrun - sprintf appends a terminating null to the data which...
[fw/openocd] / src / server / gdb_server.c
index b643ae706b13e41115c7a9c9d27d02ac1ae52496..cb96bf29fdec8c62ab88861401e88c99444cd6f6 100644 (file)
@@ -978,7 +978,7 @@ static int gdb_get_registers_packet(struct connection *connection,
 
        assert(reg_packet_size > 0);
 
-       reg_packet = malloc(reg_packet_size);
+       reg_packet = malloc(reg_packet_size + 1); /* plus one for string termination null */
        reg_packet_p = reg_packet;
 
        for (i = 0; i < reg_list_size; i++) {
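Review bot: The pointer returned by `malloc(reg_packet_size + 1)` is copied into `reg_packet_p` and the register loop begins with no NULL check in the visible lines, so an allocation failure would presumably be written through by the loop body (which lies outside this hunk). I would add `if (reg_packet == NULL) return ERROR_FAIL;` right after the allocation, releasing anything the function allocated earlier before returning. The second hunk has the same gap: `malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2 + 1)` is passed straight to `gdb_str_to_target()`. Since `assert(reg_packet_size > 0)` compiles out under NDEBUG, a runtime check on the size would also be worth having alongside the allocation check.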
@@ -1085,7 +1085,7 @@ static int gdb_get_register_packet(struct connection *connection,
        if (!reg_list[reg_num]->valid)
                reg_list[reg_num]->type->get(reg_list[reg_num]);
 
-       reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2);
+       reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2 + 1); /* plus one for string termination null */
 
        gdb_str_to_target(target, reg_packet, reg_list[reg_num]);