target/cortex_m: prevent segmentation fault in cortex_m_poll()

If a Cortex-M MCU become unresponsive during a debug session and
re-examination fails to find MEM-AP, debug_ap pointer is set to NULL.

Eventual call of cortex_m_poll() dereferences debug_ap.

Check debug_ap validity at the begin of cortex_m_poll().

Change-Id: I9519f48760c91a48a9e5e8c34634d247098cb14a
Fixes: 35a503b08d14 (arm_adi_v5: add ap refcount and add get/put around ap use)
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: https://review.openocd.org/c/openocd/+/7108
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

diff --git a/src/target/cortex_m.c b/src/target/cortex_m.c
index 1682f5dec9facbb1cf497ee8d5a095af29173ac3..9497aa0373a0e8aee94b15a8ab3ba66e47065845 100644 (file)
--- a/src/target/cortex_m.c
+++ b/src/target/cortex_m.c
@@ -868,6 +868,16 @@ static int cortex_m_poll(struct target *target)
        struct cortex_m_common *cortex_m = target_to_cm(target);
        struct armv7m_common *armv7m = &cortex_m->armv7m;
 
+       /* Check if debug_ap is available to prevent segmentation fault.
+        * If the re-examination after an error does not find a MEM-AP
+        * (e.g. the target stopped communicating), debug_ap pointer
+        * can suddenly become NULL.
+        */
+       if (!armv7m->debug_ap) {
+               target->state = TARGET_UNKNOWN;
+               return ERROR_TARGET_NOT_EXAMINED;
+       }
+
        /* Read from Debug Halting Control and Status Register */
        retval = cortex_m_read_dhcsr_atomic_sticky(target);
        if (retval != ERROR_OK) {