LPCOpen for LPC17xx flaw in IAP libraries

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LPCOpen for LPC17xx flaw in IAP libraries

Jump to solution
955 Views
lmatte
Contributor II

All the calls in IAP library (file "iap.c") have a clear astounding defect: they reserve for result data an uint32_t[4] array, while it's clear from UM10360 (sec. 32.8 IAP commands) as from way older application notes too, that the result array has to have 5 (five) elements.

This is clearly evident when you make a call to IAP for device serial number (command 58), where the result is in four 32-bit values, so since as mentioned in UM10360

Define data structure or pointers to pass IAP command table and result table to the IAP
function:
unsigned long command[5];
unsigned long output[5];

and

The first entry in the output table is
the Return Code, followed by any other results, starting with Result0.

there are 5 words written on return - beyond description, I just tested it to hold true on an LPC1769, five words are written as result.

The supplied function Chip_IAP_ReadUID() is then defective, and shouldn't be used if not patched - I won't go through what happens on stack allocated memory, and how much this is going to be critical or not: it's simply code that can lead to memory corruption and whatever can follow.

What surprises me is that LPCOpen version 2.10 dates back to 2014, and is the one supplied with latest MCUXpresso IDE package: am I the first one to note this?

Labels (3)
0 Kudos
Reply
1 Solution
808 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello Luca Matteini ,

Thanks for your sharing, I agree with you.  And will report it to development team.

It seems only Chip_IAP_ReadUID() need 5 elements for result, so now the workaroud

is change result[4] under Chip_IAP_ReadPID() function, and iap_entry() function.


Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos
Reply
1 Reply
809 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello Luca Matteini ,

Thanks for your sharing, I agree with you.  And will report it to development team.

It seems only Chip_IAP_ReadUID() need 5 elements for result, so now the workaroud

is change result[4] under Chip_IAP_ReadPID() function, and iap_entry() function.


Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply