Fix buffer overflow in versaloon interface36/1136/3
authorJoerg Fischer <turboj@gmx.de>
Sun, 10 Feb 2013 20:45:30 +0000 (10 21:45 +0100)
committerSpencer Oliver <spen@spen-soft.co.uk>
Mon, 25 Feb 2013 11:59:17 +0000 (25 11:59 +0000)
The USB buffer will need space for both TMS and TDI buffers.
Each holds tap_buffer_size bytes maximum, so tap_buffer_size must be
smaller than half of usb buf_size.

Change-Id: Id8f39936a894cbd98deb89eec5a859aef1e2b783
Signed-off-by: Joerg Fischer <turboj@gmx.de>
Reviewed-on: http://openocd.zylin.com/1136
Tested-by: jenkins
Reviewed-by: simon qian <simonqian.openocd@gmail.com>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
src/jtag/drivers/vsllink.c

index 1c0c3e1..b9bda5d 100644 (file)
@@ -302,7 +302,7 @@ static int vsllink_init(void)
        }
 
        /* malloc buffer size for tap */
-       tap_buffer_size = versaloon_interface.usb_setting.buf_size - 32;
+       tap_buffer_size = versaloon_interface.usb_setting.buf_size / 2 - 32;
        vsllink_free_buffer();
        tdi_buffer = (uint8_t *)malloc(tap_buffer_size);
        tdo_buffer = (uint8_t *)malloc(tap_buffer_size);