[bug #54159] Buffer overflow in usbtiny.c

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[bug #54159] Buffer overflow in usbtiny.c

Joerg Wunsch-6
URL:
  <http://savannah.nongnu.org/bugs/?54159>

                 Summary: Buffer overflow in usbtiny.c
                 Project: AVR Downloader/UploaDEr
            Submitted by: None
            Submitted on: Wed 20 Jun 2018 08:47:58 PM UTC
                Category: None
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Marius Greuel
        Originator Email: [hidden email]
             Open/Closed: Open
                 Release: 6.3
         Discussion Lock: Any
     Programmer hardware: usbtiny
             Device type: t85

    _______________________________________________________

Details:

There is a bug in usbtiny_paged_load() that causes a read/verify operation to
overflow the flash memory buffer and crash the application.

The chunk being read is always 128, regardless of the actual bytes requested
or bytes left.

See patch.txt for details.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 20 Jun 2018 08:47:58 PM UTC  Name: patch.txt  Size: 791B   By: None

<http://savannah.nongnu.org/bugs/download.php?file_id=44398>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?54159>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
avrdude-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/avrdude-dev
Reply | Threaded
Open this post in threaded view
|

[bug #54159] Buffer overflow in usbtiny.c

Joerg Wunsch-6
Follow-up Comment #1, bug #54159 (project avrdude):

Looks like the same problem as http://savannah.nongnu.org/bugs/?48776

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?54159>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
avrdude-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/avrdude-dev