out of bounds read in TrcPktProcStm::waitForSync in stm/trc_pkt_proc_stm.cpp #85
Description
I believe there is an out of bounds read in TrcPktProcStm::waitForSync in stm/trc_pkt_proc_stm.cpp
When processing these 2 files:
stm_only.ppl
stm_only-2.ppl
The issue is in this code:
// for a), b), c) send the none sync data then re-enter
// if out of data, or sync with some previous data, this is sent as unsynced.
m_curr_packet.setPacketType(STM_PKT_NOTSYNC,false);
if(mon_in_use.usingMonitor())
{
uint8_t nibbles_to_send = m_num_nibbles - (m_is_sync ? 22 : m_num_F_nibbles);
uint8_t bytes_to_send = (nibbles_to_send / 2) + (nibbles_to_send % 2);
for(uint8_t i = 0; i < bytes_to_send; i++)
savePacketByte(m_p_data_in[start_offset+i]);
}I think the solution is to clamp the bytes_to_send:
// for a), b), c) send the none sync data then re-enter
// if out of data, or sync with some previous data, this is sent as unsynced.
m_curr_packet.setPacketType(STM_PKT_NOTSYNC,false);
if(mon_in_use.usingMonitor())
{
uint8_t nibbles_to_send = m_num_nibbles - (m_is_sync ? 22 : m_num_F_nibbles);
uint8_t bytes_to_send = (nibbles_to_send / 2) + (nibbles_to_send % 2);
uint32_t consumed_bytes = m_data_in_used - start_offset;
if (bytes_to_send > consumed_bytes)
{
bytes_to_send = (uint8_t)consumed_bytes;
}
for(uint8_t i = 0; i < bytes_to_send; i++)
savePacketByte(m_p_data_in[start_offset+i]);
}