Sparse IHEX files cause out of bounds memory access, segfault #39

Open
Shachar opened this issue Aug 25, 2023 · 1 comment
Shachar commented Aug 25, 2023

I have an MCS file (big endian Intel HEX format). It contains 12868 bytes, but those start (via the "4" command) at address 0x200000 (2MB into the flash).

The code in the MCS parser allocates a buffer the size of the file (so, 35424 bytes), and then uses the calculated address (2MB) to index into it. This creates an out of bounds access which results in a segmentation fault.

The difference in buffer size (based on the size of the textual MCS file) vs. the data size gives some leeway, but if the offset is too big, the code is completely broken for handling files that don't have all of their data right at the beginning of the flash.


Shachar commented Aug 25, 2023

I'm attaching the first 30 lines of the MCS file. They should be enough to see the problem happening.

:020000040020DA
:100000007F454C4601010100000000000000000097
:100010000200F300010000000080008034000000B6
:100020008C30000000000000340020000400280094
:100030000B000A0003000070003000000000000206
:10004000000000011C00000000000000040000008F
:10005000010000000100000000100000008000808E
:1000600000800080480A0000480A000005000000E7
:1000700000100000010000000020000000001080BF
:100080000000108024010000240100000400000092
:10009000001000000100000000300000000020807F
:1000A00000002080000000000000000006000000AA
:1000B0000010000000000000000000000000000030
:1000C0000000000000000000000000000000000030
:1000D0000000000000000000000000000000000020
:1000E0000000000000000000000000000000000010
:1000F0000000000000000000000000000000000000
:1001000000000000000000000000000000000000EF
:1001100000000000000000000000000000000000DF
:1001200000000000000000000000000000000000CF
:1001300000000000000000000000000000000000BF
:1001400000000000000000000000000000000000AF
:10015000000000000000000000000000000000009F
:10016000000000000000000000000000000000008F
:10017000000000000000000000000000000000007F
:10018000000000000000000000000000000000006F
:10019000000000000000000000000000000000005F
:1001A000000000000000000000000000000000004F
:1001B000000000000000000000000000000000003F
:1001C000000000000000000000000000000000002F
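For comparison, here is a bounds-checked Intel HEX loader written for this note (an added example, not the project's own parser): it tracks the type-04 extended linear address, validates each record checksum, and rejects a data record whose absolute address falls outside the destination image instead of indexing past the end of a buffer sized from the text file. It assumes the caller passes the real flash size as `cap`; the sample input is constructed from the first two records above plus an EOF record.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: the first two records of the attached MCS file plus an EOF record.
   The type-04 record sets the upper address half to 0x0020, so the data lands at 0x200000. */
static const char SAMPLE[] =
    ":020000040020DA\n:100000007F454C4601010100000000000000000097\n:00000001FF\n";

static int nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;                      /* also rejects '\0', so we never read past the string */
}

/* Two hex digits -> byte; the first is checked before the second is touched. */
static int hexbyte(const char *p) {
    int hi = nibble(p[0]), lo = hi < 0 ? -1 : nibble(p[1]);
    return lo < 0 ? -1 : (hi << 4) | lo;
}

/* Load Intel HEX text into an image of `cap` bytes with flash address 0 at img[0].
   Returns the number of data bytes placed, or -1 on a malformed record or on a record
   whose absolute address (type-04 base + record offset) does not fit in the image. */
long ihex_load(const char *text, uint8_t *img, size_t cap) {
    uint32_t base = 0;              /* upper 16 address bits from the last type-04 record */
    long written = 0;
    for (const char *p = text; (p = strchr(p, ':')) != NULL; p++) {
        uint8_t rec[260], sum = 0;  /* len, addr hi, addr lo, type, data[0..254], checksum */
        int len = hexbyte(++p);
        if (len < 0) return -1;
        for (int i = 0; i < len + 5; i++) {
            int b = hexbyte(p + 2 * i);
            if (b < 0) return -1;
            rec[i] = (uint8_t)b;
            sum = (uint8_t)(sum + b);
        }
        if (sum != 0) return -1;    /* the checksum byte must bring the sum to zero */
        if (rec[3] == 0x01) return written;         /* EOF record */
        if (rec[3] == 0x04 && len == 2)             /* extended linear address record */
            base = ((uint32_t)rec[4] << 24) | ((uint32_t)rec[5] << 16);
        if (rec[3] != 0x00) continue;               /* segment/start-address types are skipped */
        uint64_t addr = (uint64_t)base + (((uint32_t)rec[1] << 8) | rec[2]);
        if (addr + len > cap) return -1;            /* the bound the issue's parser is missing */
        memcpy(img + addr, rec + 4, (size_t)len);
        written += len;
    }
    return written;
}
```

With a 64 KiB image the sample is refused cleanly; with an image that reaches past 0x200000 the ELF header bytes land where the type-04 record placed them.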
