صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
phyus
/
uboot-vybrid_public
8
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
فهرست منبع

Fix TFTP OACK code for short packets.

The old code had a loop limit overflow bug which caused a semi-
infinite loop for small packets, because in "i<len-8", "i" was signed,
but "len" was unsigned, and "len-8" became a huge number for small
values of "len".

This is a workaround which replaces broken commit 8f1bc284.

Signed-off-by: Wolfgang Denk <wd@denx.de>
Wolfgang Denk 17 سال پیش
والد
ff13ac8c7b
کامیت
60174746c6
1فایلهای تغییر یافته به همراه6 افزوده شده و 2 حذف شده
مشاهده تقسیم شده نمایش آمار تفاوت ها
  1. 6 2
      net/tftp.c

+ 6 - 2
net/tftp.c
مشاهده فایل 

@@ -276,8 +276,12 @@ TftpHandler (uchar * pkt, unsigned dest, unsigned src, unsigned len)
 
 #endif
 
 		TftpState = STATE_OACK;
 
 		TftpServerPort = src;
 
-		/* Check for 'blksize' option */
 
-		for (i=0;i<len-8;i++) {
 
+		/*
 
+		 * Check for 'blksize' option.
 
+		 * Careful: "i" is signed, "len" is unsigned, thus
 
+		 * something like "len-8" may give a *huge* number
 
+		 */
 
+		for (i=0; i+8<len; i++) {
 
 			if (strcmp ((char*)pkt+i,"blksize") == 0) {
 
 				TftpBlkSize = (unsigned short)
 
 					simple_strtoul((char*)pkt+i+8,NULL,10);