Skip to content

Commit

Permalink
Merge pull request #1818 from stefanrueger/out-of-bounds
Browse files Browse the repository at this point in the history 
Downgrade out-of-range file input errors to warnings on -F
  • Loading branch information
@stefanrueger
stefanrueger authored Jun 15, 2024
2 parents ffdf66d + 212b822 commit da6418e
Show file tree
Hide file tree
Showing 2 changed files with 91 additions and 25 deletions.
114 changes: 90 additions & 24 deletions src/fileio.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,6 @@ static int ihex_readrec(struct ihexsrec *ihex, char * rec) {
int offset, len;
char * e;
unsigned char cksum;
int rc;

len = strlen(rec);
offset = 1;
Expand Down Expand Up @@ -320,9 +319,10 @@ static int ihex_readrec(struct ihexsrec *ihex, char * rec) {
if (e == buf || *e != 0)
return -1;

rc = -cksum & 0x000000ff;
pmsg_debug("read ihex record type 0x%02x at 0x%04x with %2d bytes and chksum 0x%02x (0x%02x)\n",
ihex->rectyp, ihex->loadofs, ihex->reclen, ihex->cksum, -cksum & 0xff);

return rc;
return -cksum & 0xff;
}


Expand Down Expand Up @@ -377,28 +377,61 @@ static int ihex2b(const char *infile, FILE *inf, const AVRMEM *mem,
imsg_notice("checksum=0x%02x, computed checksum=0x%02x\n", ihex.cksum, rc);
}

unsigned below = 0;
switch (ihex.rectyp) {
case 0: /* data record */
if (fileoffset != 0 && ihex.loadofs + baseaddr < fileoffset) {
pmsg_error("address 0x%04x out of range (below fileoffset 0x%x) at line %d of %s\n",
if(ihex.loadofs + baseaddr < fileoffset) {
if(!ovsigck) {
pmsg_error("address 0x%04x out of range (below fileoffset 0x%x) at line %d of %s\n",
ihex.loadofs + baseaddr, fileoffset, lineno, infile);
imsg_error("use -F to skip this check\n");
mmt_free(buffer);
return -1;
}
pmsg_warning("address 0x%04x out of range (below fileoffset 0x%x) at line %d of %s\n",
ihex.loadofs + baseaddr, fileoffset, lineno, infile);
mmt_free(buffer);
return -1;
below = fileoffset - baseaddr - ihex.loadofs;
if(below < ihex.reclen) { // Clip record
ihex.reclen -= below;
ihex.loadofs += below;
} else { // Nothing to write
ihex.reclen = 0;
}
imsg_warning("%s record\n", ihex.reclen? "clipping": "ignoring");
}
nextaddr = ihex.loadofs + baseaddr - fileoffset;
unsigned int beg = segp->addr, end = segp->addr + segp->len-1;
if(nextaddr < beg || nextaddr + ihex.reclen-1 > end) {
pmsg_error("Intel Hex record [0x%0*x, 0x%0*x] out of range [0x%0*x, 0x%0*x]\n",
if(ihex.reclen && (nextaddr < beg || nextaddr + ihex.reclen-1 > end)) {
if(!ovsigck) {
pmsg_error("Intel Hex record [0x%0*x, 0x%0*x] out of range [0x%0*x, 0x%0*x]\n",
digits, nextaddr, digits, nextaddr+ihex.reclen-1, digits, beg, digits, end);
imsg_error("at line %d of %s; use -F to skip this check\n", lineno, infile);
mmt_free(buffer);
return -1;
}
pmsg_warning("Intel Hex record [0x%0*x, 0x%0*x] out of range [0x%0*x, 0x%0*x]\n",
digits, nextaddr, digits, nextaddr+ihex.reclen-1, digits, beg, digits, end);
imsg_error("at line %d of %s\n", lineno, infile);
mmt_free(buffer);
return -1;
if(nextaddr < beg) {
unsigned low = beg - nextaddr;
if(low < ihex.reclen) { // Clip record
ihex.reclen -= low;
nextaddr += low;
below += low;
} else { // Nothing to write
ihex.reclen = 0;
}
}
if(ihex.reclen && nextaddr + ihex.reclen-1 > end) {
unsigned above = nextaddr + ihex.reclen-1 - end;
ihex.reclen = above < ihex.reclen? ihex.reclen - above: 0; // Clip or zap
}
imsg_warning("at line %d of %s; %s record\n", lineno, infile, ihex.reclen? "clipping": "ignoring");
}
for(int i=0; i<ihex.reclen; i++) {
mem->buf[nextaddr+i] = ihex.data[i];
mem->buf[nextaddr+i] = ihex.data[below + i];
mem->tags[nextaddr+i] = TAG_ALLOCATED;
}
if (nextaddr+ihex.reclen > maxaddr)
if(ihex.reclen && nextaddr+ihex.reclen > maxaddr)
maxaddr = nextaddr+ihex.reclen;
break;

Expand Down Expand Up @@ -692,26 +725,59 @@ static int srec2b(const char *infile, FILE * inf,

if (datarec == 1) {
nextaddr = srec.loadofs;
unsigned below = 0;
if (nextaddr < fileoffset) {
pmsg_error("address 0x%0*x below memory offset at line %d of %s\n",
if(!ovsigck) {
pmsg_error("address 0x%0*x below memory offset at line %d of %s\n",
hexdigs, nextaddr, lineno, infile);
imsg_error("use -F to skip this check\n");
mmt_free(buffer);
return -1;
}
pmsg_warning("address 0x%0*x below memory offset at line %d of %s\n",
hexdigs, nextaddr, lineno, infile);
mmt_free(buffer);
return -1;
below = fileoffset - nextaddr;
if(below < srec.reclen) { // Clip record
nextaddr += below;
srec.reclen -= below;
} else { // Ignore record
srec.reclen = 0;
}
imsg_warning("%s record\n", srec.reclen? "clipping": "ignoring");
}
nextaddr -= fileoffset;
unsigned int beg = segp->addr, end = segp->addr + segp->len-1;
if(nextaddr < beg || nextaddr + srec.reclen-1 > end) {
pmsg_error("Motorola S-Record [0x%0*x, 0x%0*x] out of range [0x%0*x, 0x%0*x]\n",
if(srec.reclen && (nextaddr < beg || nextaddr + srec.reclen-1 > end)) {
if(!ovsigck) {
pmsg_error("Motorola S-Record [0x%0*x, 0x%0*x] out of range [0x%0*x, 0x%0*x]\n",
digits, nextaddr, digits, nextaddr+srec.reclen-1, digits, beg, digits, end);
imsg_error("at line %d of %s; use -F to skip this check\n", lineno, infile);
mmt_free(buffer);
return -1;
}
pmsg_warning("Motorola S-Record [0x%0*x, 0x%0*x] out of range [0x%0*x, 0x%0*x]\n",
digits, nextaddr, digits, nextaddr+srec.reclen-1, digits, beg, digits, end);
imsg_error("at line %d of %s\n", lineno, infile);
mmt_free(buffer);
return -1;
if(nextaddr < beg) {
unsigned low = beg - nextaddr;
if(low < srec.reclen) { // Clip record
srec.reclen -= low;
nextaddr += low;
below += low;
} else { // Nothing to write
srec.reclen = 0;
}
}
if(srec.reclen && nextaddr + srec.reclen-1 > end) {
unsigned above = nextaddr + srec.reclen-1 - end;
srec.reclen = above < srec.reclen? srec.reclen - above: 0; // Clip or zap
}
imsg_warning("at line %d of %s; %s record\n", lineno, infile, srec.reclen? "clipping": "ignoring");
}
for(int i=0; i<srec.reclen; i++) {
mem->buf[nextaddr+i] = srec.data[i];
mem->buf[nextaddr+i] = srec.data[below + i];
mem->tags[nextaddr+i] = TAG_ALLOCATED;
}
if (nextaddr+srec.reclen > maxaddr)
if(srec.reclen && nextaddr+srec.reclen > maxaddr)
maxaddr = nextaddr+srec.reclen;
reccount++;
}
Expand Down
2 changes: 1 addition & 1 deletion src/term.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -582,7 +582,7 @@ static int cmd_write(const PROGRAMMER *pgm, const AVRPART *p, int argc, const ch
pmsg_warning("(write) clipping data to fit into %s %s memory\n", p->desc, mem->desc);
}

pmsg_notice2("(write) writing %d byte%s starting from address 0x%02x",
pmsg_notice2("(write) writing %d byte%s starting from address 0x%04x",
len + bytes_grown, str_plural(len + bytes_grown), addr);
if (write_mode == WRITE_MODE_FILL && filling)
msg_notice2("; remaining space filled with %s", argv[argc - 2]);
Expand Down

0 comments on commit da6418e

Please sign in to comment.