[OpenOCD-commit] Main OpenOCD repository branch, master, updated. v0.11.0-340-g013a0e88d

[OpenOCD-Gerrit <ope...@us...>]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Main OpenOCD repository".

The branch, master has been updated
       via  013a0e88d2a6e4626987e9fbe056ee1d40026933 (commit)
      from  085dd21a16c84874fddd76b07a995afae9af182a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 013a0e88d2a6e4626987e9fbe056ee1d40026933
Author: Sebastiaan de Schaetzen <seb...@gm...>
Date:   Tue Jul 27 15:06:57 2021 +0200

    rtos/riot: fix out-of-bounds writes when target is corrupted
    
    This protects against out-of-bounds writes when the memory
    of RIOT's scheduler is corrupted.
    This memory can be corrupted because of:
     - Programming errors
     - The scheduler not yet having been initialised
     - An incorrect symbol file being used during debugging.
    
    This error can result in OpenOCD segfaulting. Valgrind was
    used to find the approximate location of the error.
    
    Change-Id: I60e7d7c245b8c4e38f4c98cb0c0347a9b5ec3177
    Signed-off-by: Sebastiaan de Schaetzen <seb...@gm...>
    Reviewed-on: https://review.openocd.org/c/openocd/+/6381
    Tested-by: jenkins
    Reviewed-by: Antonio Borneo <bor...@gm...>

diff --git a/src/rtos/riot.c b/src/rtos/riot.c
index 1d53da2b0..8a3874202 100644
--- a/src/rtos/riot.c
+++ b/src/rtos/riot.c
@@ -118,7 +118,7 @@ const struct rtos_type riot_rtos = {
 static int riot_update_threads(struct rtos *rtos)
 {
 	int retval;
-	unsigned int tasks_found = 0;
+	int tasks_found = 0;
 	const struct riot_params *param;
 
 	if (!rtos)
@@ -170,7 +170,6 @@ static int riot_update_threads(struct rtos *rtos)
 			riot_symbol_list[RIOT_NUM_THREADS].name);
 		return retval;
 	}
-	rtos->thread_count = thread_count;
 
 	/* read the maximum number of threads */
 	uint8_t max_threads = 0;
@@ -182,6 +181,11 @@ static int riot_update_threads(struct rtos *rtos)
 			riot_symbol_list[RIOT_MAX_THREADS].name);
 		return retval;
 	}
+	if (thread_count > max_threads) {
+		LOG_ERROR("Thread count is invalid");
+		return ERROR_FAIL;
+	}
+	rtos->thread_count = thread_count;
 
 	/* Base address of thread array */
 	uint32_t threads_base = rtos->symbols[RIOT_THREADS_BASE].address;
@@ -211,6 +215,9 @@ static int riot_update_threads(struct rtos *rtos)
 	char buffer[32];
 
 	for (unsigned int i = 0; i < max_threads; i++) {
+		if (tasks_found == rtos->thread_count)
+			break;
+
 		/* get pointer to tcb_t */
 		uint32_t tcb_pointer = 0;
 		retval = target_read_u32(rtos->target,

-----------------------------------------------------------------------

Summary of changes:
 src/rtos/riot.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
Main OpenOCD repository