[patch #9820] Fix some out-of-bounds/uninitialized issues

[patch #9820] Fix some out-of-bounds/uninitialized issues

Kevin Cuzner-2
URL:
  <https://savannah.nongnu.org/patch/?9820>

                 Summary: Fix some out-of-bounds/uninitialized issues
                 Project: AVR Downloader/UploaDEr
            Submitted by: aklieber
            Submitted on: Sun 23 Jun 2019 11:55:52 AM UTC
                Category: None
                Priority: 5 - Normal
                  Status: None
                 Privacy: Private
             Assigned to: None
        Originator Email:
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

avrdude_stk500v2.c_potential_out_of_bounds.patch:
Fix for loop missing div by sizeof first element + index var will be outside
array range if no match found.

avrdude_pickit2.c_out_of_bounds.patch:
Fix assigning PGM_DESCLEN (=80) bytes to pgm->type (32 bytes). Most likely a
mixup between type and desc fields. Comment states intention to get
description, not type.

avrdude_stk500v2.c_potentially_uninitialized.patch:
Fix variables being uninitialized in call to avrdude_message if
stk500v2_getparm fails.

avrdude_avr.c_potential_div_by_zero.patch:
Fix missing check for page_size > 0 potentially resulting in div by zero in
modulo page_size.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Sun 23 Jun 2019 11:55:52 AM UTC  Name:
avrdude_stk500v2.c_potential_out_of_bounds.patch  Size: 717B   By: aklieber

<http://savannah.nongnu.org/patch/download.php?file_id=47127>
-------------------------------------------------------
Date: Sun 23 Jun 2019 11:55:52 AM UTC  Name:
avrdude_stk500v2.c_potentially_uninitialized.patch  Size: 554B   By: aklieber

<http://savannah.nongnu.org/patch/download.php?file_id=47128>
-------------------------------------------------------
Date: Sun 23 Jun 2019 11:55:52 AM UTC  Name:
avrdude_pickit2.c_out_of_bounds.patch  Size: 671B   By: aklieber

<http://savannah.nongnu.org/patch/download.php?file_id=47129>
-------------------------------------------------------
Date: Sun 23 Jun 2019 11:55:52 AM UTC  Name:
avrdude_avr.c_potential_div_by_zero.patch  Size: 441B   By: aklieber

<http://savannah.nongnu.org/patch/download.php?file_id=47130>

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/patch/?9820>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
avrdude-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/avrdude-dev
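The first two items in the report (a loop bound taken from sizeof without dividing by the element size, an index left one past the end when nothing matches, and an 80-byte copy into a 32-byte field) can be reproduced in isolation. The following is an added example, not avrdude code and not the attached patches; the table, struct and function names are hypothetical, and only the sizes 32 and 80 come from the report.

```c
#include <stddef.h>
#include <string.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))
#define TYPE_LEN 32   /* size of the type field quoted in the report */
#define DESC_LEN 80   /* PGM_DESCLEN value quoted in the report */

/* Constructed lookup table; the entries are hypothetical. */
struct entry { unsigned char id; const char *name; };
static const struct entry table[] = {
    { 0x01, "alpha" }, { 0x02, "beta" }, { 0x03, "gamma" },
};

/* sizeof(table) is a byte count; used as a loop bound it walks past the
 * last element. Returned here only so the two bounds can be compared. */
size_t flawed_bound(void) { return sizeof(table); }
size_t fixed_bound(void)  { return ARRAY_LEN(table); }

/* Returns the entry name, or NULL when id is unknown, so the caller never
 * indexes the table with the one-past-the-end value left by the loop. */
const char *lookup_name(unsigned char id)
{
    for (size_t i = 0; i < ARRAY_LEN(table); i++)
        if (table[i].id == id)
            return table[i].name;
    return NULL;
}

/* Hypothetical structure with the two field sizes from the report. */
struct prog { char type[TYPE_LEN]; char desc[DESC_LEN]; };

/* Copy bounded by the destination's own size and always NUL-terminated.
 * Returns 1 if src had to be truncated, 0 otherwise. */
int set_field(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    int truncated = n >= dst_size;

    if (dst_size == 0)
        return 1;
    if (truncated)
        n = dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}
```

Passing `sizeof p.type` or `sizeof p.desc` at the call site ties the bound to the field actually written, which is the mix-up the pickit2 item describes.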

[patch #9820] Fix some out-of-bounds/uninitialized issues

Kevin Cuzner-2
Update of patch #9820 (project avrdude):

                 Privacy:                 Private => Public                



[patch #9820] Fix some out-of-bounds/uninitialized issues

Kevin Cuzner-2
Update of patch #9820 (project avrdude):

                 Privacy:                  Public => Private                



[patch #9820] Fix some out-of-bounds/uninitialized issues

Kevin Cuzner-2
Follow-up Comment #1, patch #9820 (project avrdude):

Regarding the divide by 0 patch, I think the following patch is more
versatile:

Index: avrpart.c
===================================================================
--- avrpart.c   (revision 1435)
+++ avrpart.c   (working copy)
@@ -254,6 +254,7 @@
   }
 
   memset(m, 0, sizeof(*m));
+  m->page_size = 1; // ensure not 0
 
   return m;
 }
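Review bot: the default `m->page_size = 1;` after the `memset` makes an unset page size indistinguishable from an explicit 1, because before this line an unset field read back as 0 from the `memset`. If any caller treats a zero page_size as "not paged", it will now take the paged path, so those callers are worth checking; the alternative is to keep 0 as the stored value and guard the divisor where it is used. The comment `// ensure not 0` should also say why, for example that page_size is used as a modulo divisor.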
Index: config_gram.y
===================================================================
--- config_gram.y       (revision 1435)
+++ config_gram.y       (working copy)
@@ -1310,7 +1310,11 @@
 
   K_PAGE_SIZE       TKN_EQUAL TKN_NUMBER
     {
-      current_mem->page_size = $3->value.number;
+      int ps = $3->value.number;
+      if (ps <= 0)
+        avrdude_message(MSG_NOTICE, "invalid page size %d, ignored", ps);
+      else
+        current_mem->page_size = ps;
       free_token($3);
     } |
 
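Review bot: in the `ps <= 0` branch the bad value is only reported with MSG_NOTICE and parsing continues, so a config entry with a non-positive page size is accepted and the memory keeps whatever page_size it had before; an invalid value in the config file is arguably a parse error, or at least a warning that names the file and line. The format string `"invalid page size %d, ignored"` has no trailing `\n`. The assignment `int ps = $3->value.number;` narrows before the check, so if the token's number type is wider than int a large value could wrap; validating the token value first and then assigning would avoid that.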


This ensures the page size is always at least 1, so any modulo operation with
it will work - regardless of where it happens.


[patch #9820] Fix some out-of-bounds/uninitialized issues

Kevin Cuzner-2
Update of patch #9820 (project avrdude):

                  Status:                    None => Done                  
             Assigned to:                    None => joerg_wunsch          
             Open/Closed:                    Open => Closed                

