gdb server: Fix buffer overrun - sprintf appends a terminating null to the data which was overrunning the supplied buffer.

Fixes regression introduced in commit 07dcd5648d146d38f9ffa619f0737587e592d0b6 Signed-off-by: Evan Hunter <ehunter@broadcom.com> Change-Id: Iec64233c0da5a044fb984c4b1803309cb636efe9 Reviewed-on: http://openocd.zylin.com/1312 Tested-by: jenkins Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
author: Evan Hunter <ehunter@broadcom.com> 2013-04-02 17:35:23 +1100
committer: Spencer Oliver <spen@spen-soft.co.uk> 2013-04-02 15:05:44 +0000
commit: 0875e64ddb1cade43c7a56d8cc6e743364b65b58 (patch)
tree: 9f481c1ea1b1311d0fccd1dd0b8d45c759f4fdd1
parent: 900f2998c8edeffa35f57696314caf0fb543a5af (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/server/gdb_server.c b/src/server/gdb_server.c
index b643ae70..cb96bf29 100644
--- a/src/server/gdb_server.c
+++ b/src/server/gdb_server.c
@@ -978,7 +978,7 @@ static int gdb_get_registers_packet(struct connection *connection,
 
 	assert(reg_packet_size > 0);
 
-	reg_packet = malloc(reg_packet_size);
+	reg_packet = malloc(reg_packet_size + 1); /* plus one for string termination null */
 	reg_packet_p = reg_packet;
 
 	for (i = 0; i < reg_list_size; i++) {
@@ -1085,7 +1085,7 @@ static int gdb_get_register_packet(struct connection *connection,
 	if (!reg_list[reg_num]->valid)
 		reg_list[reg_num]->type->get(reg_list[reg_num]);
 
-	reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2);
+	reg_packet = malloc(DIV_ROUND_UP(reg_list[reg_num]->size, 8) * 2 + 1); /* plus one for string termination null */
 
 	gdb_str_to_target(target, reg_packet, reg_list[reg_num]);
author	Evan Hunter <ehunter@broadcom.com>	2013-04-02 17:35:23 +1100
committer	Spencer Oliver <spen@spen-soft.co.uk>	2013-04-02 15:05:44 +0000
commit	0875e64ddb1cade43c7a56d8cc6e743364b65b58 (patch)
tree	9f481c1ea1b1311d0fccd1dd0b8d45c759f4fdd1
parent	900f2998c8edeffa35f57696314caf0fb543a5af (diff)