|
From: | Robert Kavaler |
Subject: | [avrdude-dev] Found a bug in stk500v2.c |
Date: | Mon, 18 Jul 2016 21:17:36 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
avrdude -C avrdude.conf -c avrispmkII -p t104What appears to happen in this case is that mem->buf is allocated only a buffer of size 3 and write are all page_size which is 16 and that overrun causes the process to coredump on exit (i.e. memory corruption).
I would like to fix it better than my current fix but I need the validate that: 1. this function should read n_bytes total which each read is limited to page_size bytes. 2. If there is not enough memory (n_bytes > mem->size) should I return or just truncate the transfer to the buffer.
Robert
[Prev in Thread] | Current Thread | [Next in Thread] |