ghent360 / RTD-2660-Programmer

Realtek RTD2660/2662 programmer
BSD 3-Clause "New" or "Revised" License

Potential stack overflow issue #4

Closed klirichek closed 7 years ago

klirichek commented 7 years ago

In ReadReg:

uint8_t result;
ReadBytesFromAddr ( reg, &result, 1 );

in ReadBytesFromAddr ( uint8_t reg, uint8_t * dest, uint8_t len ):

...
ReadBytes ( dest ); // = which is & of local uint8_t result

in static void ReadBytes ( uint8_t * dest ):

uint8_t buf[64];
LONG buflen = sizeof(buf); // i.e. 64
...
memcpy ( dest, buf, len ); // 64 bytes from buf into 1-byte local uint8_t result, placed in ReadReg.

In other words, you've just copied 64 bytes into the local variable (result), allocated on the stack and sized 1 byte.
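
Added example (my own C, not code from the RTD-2660-Programmer project or from either commenter) that models the two copies described in the report above. A constructed fake_transport_read stands in for the device read and always produces a 64-byte packet; read_bytes_unbounded reproduces the "copy 64 bytes whatever the destination holds" pattern, and read_bytes_bounded is the length-checked form a caller like ReadReg needs. ReadReg's stack frame is modelled as one byte array with the 1-byte result at offset 0 and a sentinel pattern after it, so the overwrite stays inside a real object and the demo itself is not undefined behaviour; clobbered_after_result counts how many bytes past result each variant overwrites. All function and macro names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TRANSPORT_PACKET 64   /* the fixed 64-byte read described in the issue */

/* Constructed stand-in for the device transport (hypothetical, not the
 * project's USB/I2C code). Fills buf with a recognisable byte pattern
 * 0xA0, 0xA1, ... and reports how many bytes it produced. */
static size_t fake_transport_read(uint8_t *buf, size_t buflen) {
    for (size_t i = 0; i < buflen; i++)
        buf[i] = (uint8_t)(0xA0 + i);
    return buflen;
}

/* The unbounded pattern from the report: the callee has no idea how big
 * dest is and always copies the whole 64-byte packet into it. */
static void read_bytes_unbounded(uint8_t *dest) {
    uint8_t buf[TRANSPORT_PACKET];
    size_t got = fake_transport_read(buf, sizeof buf);
    memcpy(dest, buf, got);           /* 64 bytes, regardless of dest's size */
}

/* Hardened form: the caller passes dest's capacity; the copy is clamped to
 * it and the number of bytes the device produced is returned (snprintf
 * style), so a return value larger than dest_len signals truncation. */
static size_t read_bytes_bounded(uint8_t *dest, size_t dest_len) {
    uint8_t buf[TRANSPORT_PACKET];
    size_t got = fake_transport_read(buf, sizeof buf);
    size_t n = got < dest_len ? got : dest_len;
    memcpy(dest, buf, n);
    return got;
}

/* Equivalent of ReadReg built on the bounded reader: a 1-byte destination
 * gets exactly one byte. */
static void read_reg_bounded(uint8_t *dest) {
    (void)read_bytes_bounded(dest, 1);
}

static uint8_t read_reg_safe(void) {
    uint8_t result;
    read_reg_bounded(&result);
    return result;                    /* 0xA0 with the fake transport */
}

/* Model of ReadReg's frame: result at offset 0, followed by whatever the
 * compiler placed after it (other locals, saved registers, return address),
 * represented by a zeroed sentinel region. Returns how many sentinel bytes
 * the reader overwrote. The fake data is never 0x00, so every overwritten
 * byte is counted. */
#define FRAME_SIZE 96
#define RESULT_OFF 0

static size_t clobbered_after_result(void (*reader)(uint8_t *)) {
    uint8_t frame[FRAME_SIZE];
    memset(frame, 0x00, sizeof frame);
    reader(&frame[RESULT_OFF]);
    size_t n = 0;
    for (size_t i = RESULT_OFF + 1; i < FRAME_SIZE; i++)
        if (frame[i] != 0x00)
            n++;
    return n;
}

/* Shows the truncation contract: a 16-byte buffer receives 16 bytes, the
 * sentinel bytes after it are untouched, and the return value (64) tells
 * the caller the packet was larger than the buffer. Returns 1 on success. */
static int bounded_copy_respects_capacity(void) {
    uint8_t small[16 + 4] = {0};     /* 16 usable bytes + 4 sentinel bytes */
    size_t avail = read_bytes_bounded(small, 16);
    return avail == TRANSPORT_PACKET && small[15] == 0xAF &&
           small[16] == 0 && small[19] == 0;
}

int main(void) {
    printf("unbounded copy clobbers %zu bytes after result\n",
           clobbered_after_result(read_bytes_unbounded));
    printf("bounded copy clobbers %zu bytes after result\n",
           clobbered_after_result(read_reg_bounded));
    printf("read_reg_safe() = 0x%02X\n", read_reg_safe());
    printf("bounded copy respects capacity: %d\n", bounded_copy_respects_capacity());
    return 0;
}
```

In a real frame the bytes after result are not a harmless sentinel: the unbounded variant overwrites 63 bytes of whatever the compiler laid out there, which is why a plain one-register read can crash or corrupt unrelated state. The bounded variant costs one extra parameter and lets the caller detect a packet larger than its buffer instead of silently receiving it.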

ghent360 commented 7 years ago

Yes you are correct, ReadBytes just blasts the destination with 64 bytes regardless of its size.

ghent360 commented 7 years ago

Should be fixed now.