LPCOpen for LPC17xx flaw in IAP libraries

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

LPCOpen for LPC17xx flaw in IAP libraries

跳至解决方案
1,341 次查看
lmatte
Contributor II

All the calls in IAP library (file "iap.c") have a clear astounding defect: they reserve for result data an uint32_t[4] array, while it's clear from UM10360 (sec. 32.8 IAP commands) as from way older application notes too, that the result array has to have 5 (five) elements.

This is clearly evident when you make a call to IAP for device serial number (command 58), where the result is in four 32-bit values, so since as mentioned in UM10360

Define data structure or pointers to pass IAP command table and result table to the IAP
function:
unsigned long command[5];
unsigned long output[5];

and

The first entry in the output table is
the Return Code, followed by any other results, starting with Result0.

there are 5 words written on return - beyond description, I just tested it to hold true on an LPC1769, five words are written as result.

The supplied function Chip_IAP_ReadUID() is then defective, and shouldn't be used if not patched - I won't go through what happens on stack allocated memory, and how much this is going to be critical or not: it's simply code that can lead to memory corruption and whatever can follow.

What surprises me is that LPCOpen version 2.10 dates back to 2014, and is the one supplied with latest MCUXpresso IDE package: am I the first one to note this?

标签 (3)
0 项奖励
回复
1 解答
1,194 次查看
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello Luca Matteini ,

Thanks for your sharing, I agree with you.  And will report it to development team.

It seems only Chip_IAP_ReadUID() need 5 elements for result, so now the workaroud

is change result[4] under Chip_IAP_ReadPID() function, and iap_entry() function.


Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

在原帖中查看解决方案

0 项奖励
回复
1 回复
1,195 次查看
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello Luca Matteini ,

Thanks for your sharing, I agree with you.  And will report it to development team.

It seems only Chip_IAP_ReadUID() need 5 elements for result, so now the workaroud

is change result[4] under Chip_IAP_ReadPID() function, and iap_entry() function.


Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复