From 46cff02d389b8300aaec419ba4d80c8ed041a246 Mon Sep 17 00:00:00 2001
From: OmniTechnoMancer
Date: Sun, 21 Apr 2024 15:32:34 +0000
Subject: [PATCH] gdb_main: Fix remaining length calculation for 'X' 'M' and 'vFlashWrite'

When removing use of sscanf from gdb_main the calculation of the length of the remaining data portion of the 'X', 'M', and 'vFlashWrite' packet types was done wrongly. The difference between the start of data pointer and start of buffer pointer was reversed resulting in adding this to the total length rather than subtracting it.

For the 'X' and 'M' packets this causes them to accept lengths longer than the supplied data but correct packets would still function as expected. For the 'vFlashWrite' packet the length passed to the flash write function was about 8 larger than it should have been which could cause problems.

The calculation of the data length portion of the packets has been corrected so all three now work as expected.
---
 src/gdb_main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/gdb_main.c b/src/gdb_main.c
index 49d86f513ca..d28571026b3 100644
--- a/src/gdb_main.c
+++ b/src/gdb_main.c
@@ -168,7 +168,7 @@ int32_t gdb_main_loop(target_controller_s *tc, char *pbuf, size_t pbuf_size, siz
 uint32_t len = 0;
 ERROR_IF_NO_TARGET();
 if (read_hex32(pbuf + 1, &rest, &addr, ',') && read_hex32(rest, &rest, &len, ':')) {
- if (len > (size - (size_t)(pbuf - rest)) / 2U) {
+ if (len > (size - (size_t)(rest - pbuf)) / 2U) {
 gdb_putpacketz("E02");
 break;
 }
@@ -344,7 +344,7 @@ int32_t gdb_main_loop(target_controller_s *tc, char *pbuf, size_t pbuf_size, siz
 uint32_t addr, len;
 ERROR_IF_NO_TARGET();
 if (read_hex32(pbuf + 1, &rest, &addr, ',') && read_hex32(rest, &rest, &len, ':')) {
- if (len > (size - (size_t)(pbuf - rest))) {
+ if (len > (size - (size_t)(rest - pbuf))) {
 gdb_putpacketz("E02");
 break;
 }
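Review bot: The bound check on the changed line still depends on `rest` lying within the first `size` bytes of `pbuf`: `size - (size_t)(rest - pbuf)` is unsigned arithmetic, so if `read_hex32` ever left `rest` past `pbuf + size` the subtraction would wrap to a huge value and the `len` limit would pass for any request. Whether `read_hex32` bounds its separator scan by `size` is not visible in this hunk, so either a comment stating that precondition or an explicit guard would settle it, e.g. `const size_t hdr_len = (size_t)(rest - pbuf);` followed by `if (hdr_len > size || len > (size - hdr_len) / 2U) {`. The same expression recurs in the hunk at -344 (without the `/ 2U`) and, as `length - (size_t)(rest - packet)`, in the exec_v_flash_write hunk at -789. gdb_main_loop begins before and continues after this hunk.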
@@ -789,7 +789,7 @@ static void exec_v_flash_write(const char *packet, const size_t length)
 const char *rest = NULL;
 if (read_hex32(packet, &rest, &addr, ':')) {
 /* Write Flash Memory */
- const uint32_t count = length - (packet - rest);
+ const uint32_t count = length - (size_t)(rest - packet);
 DEBUG_GDB("Flash Write %08" PRIX32 " %08" PRIX32 "\n", addr, count);
 if (cur_target && target_flash_write(cur_target, addr, (uint8_t *)rest, count))
 gdb_putpacketz("OK");
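Review bot: The corrected `count` on the changed line is a `size_t` expression silently narrowed into a `uint32_t`, which `-Wconversion` would flag; an explicit cast `const uint32_t count = (uint32_t)(length - (size_t)(rest - packet));` makes the intent visible, or `count` could stay `size_t` if `target_flash_write` accepts that (its signature is not in the hunk, and the `PRIX32` format below suggests `uint32_t` was chosen deliberately). On the call two lines below, `(uint8_t *)rest` also casts away the `const` of `rest`; if `target_flash_write` only reads the buffer, `(const uint8_t *)rest` with a matching parameter type would keep the const chain intact. exec_v_flash_write's body continues outside the hunk.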