Exadler / DMCC_Library

Code library for the BeagleBone DMCC (Dual Motor Controller Cape)

Possible array out-of-bounds error in getNumberOfBytes() #1

Closed napratin closed 10 years ago

napratin commented 10 years ago

In DMCC.c, the function getNumberOfBytes() allocates num bytes to result, but reads num + 1 bytes (i goes from 0 to num):

    char *result = (char *)malloc(sizeof(char)*num);
    ...
    // Get bytes at the given address
    int i = 0;
    while(i <= num) {
        result[i] = (char)(getByte(fd, addr+i));
        i++;
    }

This should be corrected to:

    while(i < num) {

Also, if result is intended to be treated as a NULL-terminated string, and the cape does not include a NULL character at the end, then result should be allocated num + 1 bytes and a NULL should be explicitly appended.
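
The off-by-one and the terminated-buffer variant described in the comment above, as an added example that is not part of the original issue or of the DMCC_Library code. The names `stub_get_byte`, `fake_regs`, `loop_overruns` and `get_bytes_terminated` are hypothetical, and the register contents are constructed; the canary byte makes the extra write observable without touching memory outside the allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the cape's registers; hypothetical, not DMCC.c's getByte(). */
static const unsigned char fake_regs[8] = {'D','M','C','C','1','2','3','4'};
static int stub_get_byte(int fd, unsigned int addr) {
    (void)fd;
    return fake_regs[addr % sizeof fake_regs];
}
#define CANARY 0x5A /* a value that never appears in fake_regs */

/* Runs the read loop over a logical num-byte buffer backed by num + 1 bytes,
   so a write to index num hits the canary instead of memory past the block.
   Returns 1 if the canary was overwritten, 0 if intact, -1 on failure. */
int loop_overruns(size_t num, int inclusive_bound) {
    if (num == SIZE_MAX) return -1;
    unsigned char *buf = malloc(num + 1);
    if (buf == NULL) return -1;
    buf[num] = CANARY;
    size_t i = 0;
    while (inclusive_bound ? i <= num : i < num) {
        buf[i] = (unsigned char)stub_get_byte(0, (unsigned int)i);
        i++;
    }
    int clobbered = (buf[num] != CANARY);
    free(buf);
    return clobbered;
}

/* Reads num device bytes into a num + 1 byte buffer and appends the
   terminator explicitly. Returns NULL on failure; the caller frees. */
char *get_bytes_terminated(int fd, unsigned int addr, size_t num) {
    if (num == SIZE_MAX) return NULL; /* num + 1 would wrap to 0 */
    char *result = malloc(num + 1);
    if (result == NULL) return NULL;
    for (size_t i = 0; i < num; i++)
        result[i] = (char)stub_get_byte(fd, addr + (unsigned int)i);
    result[num] = '\0';
    return result;
}

int main(void) {
    char *s = get_bytes_terminated(0, 0, 4);
    printf("i <= num overruns: %d, i < num overruns: %d, read: \"%s\"\n",
           loop_overruns(4, 1), loop_overruns(4, 0), s ? s : "(alloc failed)");
    free(s);
    return 0;
}
```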

paulctan commented 10 years ago

Thank you for finding that off-by-one bug! The code has been fixed in the repository. Thanks for bringing it up!