diff --git a/src/target/image.c b/src/target/image.c index d51e8743b..b9e641b33 100644 --- a/src/target/image.c +++ b/src/target/image.c @@ -8,6 +8,9 @@ * Copyright (C) 2008 by Spencer Oliver * * spen@spen-soft.co.uk * * * + * Copyright (C) 2009 by Franck Hereson * + * franck.hereson@secad.fr * + * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * @@ -196,6 +199,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; @@ -252,6 +261,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; @@ -292,6 +307,12 @@ static int image_ihex_buffer_complete(image_t *image) if (section[image->num_sections].size != 0) { image->num_sections++; + if (image->num_sections >= IMAGE_MAX_SECTIONS) + { + /* too many sections */ + LOG_ERROR("Too many sections found in IHEX file"); + return ERROR_IMAGE_FORMAT_ERROR; + } section[image->num_sections].size = 0x0; section[image->num_sections].flags = 0; section[image->num_sections].private = &ihex->buffer[cooked_bytes]; diff --git a/src/target/image.h b/src/target/image.h index d90b544a4..551524e30 100644 --- a/src/target/image.h +++ b/src/target/image.h @@ -33,7 +33,7 @@ #endif #define IMAGE_MAX_ERROR_STRING (256) -#define IMAGE_MAX_SECTIONS (128) +#define IMAGE_MAX_SECTIONS (512) #define IMAGE_MEMORY_CACHE_SIZE (2048)