https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365381#M666 <HTML><HEAD></HEAD><BODY><P>Hi, Bjorn</P><P>I apologize for the late response, are you still having the same issue?</P><P>Regards</P><P>Patricia</P></BODY></HTML> Tue, 05 May 2015 18:03:07 GMT PatriciaTeran 2015-05-05T18:03:07Z https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365378#M663 <HTML><HEAD></HEAD><BODY><P>As far as I can tell, there will be a buffer overrun if the user writes IO_MAXLINE number of characters due to the line </P><P>temp_buf[i + 1] = '\0';</P></BODY></HTML> Fri, 06 Mar 2015 15:01:04 GMT https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365378#M663 björnhammarberg 2015-03-06T15:01:04Z https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365379#M664 <HTML><HEAD></HEAD><BODY><P>Hi Bjorn,</P><P></P><P>I don't see the problem here. Could you explain?</P><P></P><P>Regards,</P><P>Carlos</P></BODY></HTML> Wed, 11 Mar 2015 19:04:35 GMT https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365379#M664 Carlos_Musich 2015-03-11T19:04:35Z https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365380#M665 <HTML><HEAD></HEAD><BODY><P>Certainly. I have included the source for clarity.</P><P></P><P>The temp_buf buffer is IO_MAXLINE characters long [0..IO_MAXLINE-1].</P><P>The for loop allows characters to be entered from 0 to IO_MAXLINE-1.</P><P>If the input stream provides characters continuously and none of them is a newline '\n', the loop will eventually enter at i = IO_MAXLINE-1.</P><P>Following that, the erroneous line will be executed with this value of i.</P><P>This results in an end-of-string character '\0' being put at temp_buf[IO_MAXLINE] which is *outside* of the buffer!</P><P>This results in either the ap variable or some stack-stored registers (I am not sure of the "direction" of the buffer overrun) getting altered which, either way, can not be desirable.</P><P>Nonetheless, there is a (potential) buffer overrun and I think it should be removed.</P><P></P><P>All the best,</P><P>Björn</P><P></P><P>int debug_scanf(const char&nbsp; *fmt_ptr, ...)</P><P>{</P><P>&nbsp;&nbsp;&nbsp; char&nbsp;&nbsp;&nbsp; temp_buf[IO_MAXLINE];</P><P>&nbsp;&nbsp;&nbsp; va_list ap;</P><P>&nbsp;&nbsp;&nbsp; uint32_t i;</P><P>&nbsp;&nbsp;&nbsp; char result;</P><P></P><P>&nbsp;&nbsp;&nbsp; va_start(ap, fmt_ptr);</P><P>&nbsp;&nbsp;&nbsp; temp_buf[0] = '\0';</P><P></P><P>&nbsp;&nbsp;&nbsp; for (i = 0; i &lt; IO_MAXLINE; i++)</P><P>&nbsp;&nbsp;&nbsp; {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; temp_buf[i] = result = debug_getchar();</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (result == '\n')</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* End of Line */</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; temp_buf[i + 1] = '\0';</P><P>&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; result = scan_prv(temp_buf, (char *)fmt_ptr, ap);</P><P>&nbsp;&nbsp;&nbsp; va_end(ap);</P><P></P><P>&nbsp;&nbsp; return result;</P><P>}</P></BODY></HTML> Thu, 12 Mar 2015 08:18:32 GMT https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365380#M665 björnhammarberg 2015-03-12T08:18:32Z https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365381#M666 <HTML><HEAD></HEAD><BODY><P>Hi, Bjorn</P><P>I apologize for the late response, are you still having the same issue?</P><P>Regards</P><P>Patricia</P></BODY></HTML> Tue, 05 May 2015 18:03:07 GMT https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365381#M666 PatriciaTeran 2015-05-05T18:03:07Z https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365382#M667 <HTML><HEAD></HEAD><BODY><P>Sorry for even later response. </P><P>What do you mean by "still"? As far as I understand, the code is in error until it is fixed. Have you fixed it?</P></BODY></HTML> Thu, 05 Nov 2015 15:17:04 GMT https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365382#M667 björnhammarberg 2015-11-05T15:17:04Z https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365383#M668 <HTML><HEAD></HEAD><BODY><P>Hi Bjorn,</P><P></P><P>This is solved in KSDK1.3.</P><P></P><P>Thanks for your comments.</P><P></P><P><BR />Best regards,<BR />Carlos</P><P></P><P>-----------------------------------------------------------------------------------------------------------------------<BR />Note: If this post answers your question, please click the Correct Answer button. Thank you!<BR />-----------------------------------------------------------------------------------------------------------------------</P></BODY></HTML> Tue, 17 Nov 2015 18:26:13 GMT https://community.nxp.com/t5/Kinetis-Software-Development-Kit/buffer-overrun-in-KSDK-1-1-fsl-debug-console-c-debug-scanf/m-p/365383#M668 Carlos_Musich 2015-11-17T18:26:13Z