Bootloader failure bug

Anonymous · ‎Dec 15, 2011

I found a way to crash the bootloader when using the I2C interface. In fact, this should affect any bootloader. The CYBTLDR_COMMAND_DATA command does not restrict the user from appending data past the dataBuffer boundary. This will cause unexpected behavior. In the case of my I2C bootloader, I2C NAKs data from all further transfers, preventing it from performing any command. Although this can be considered an user error, but the result is a complete failure, which is unacceptable for a bootloader.

Original code:

case CYBTLDR_COMMAND_DATA:

/* We have part of a block of data. */

ackCode = CYRET_SUCCESS;

memcpy(&dataBuffer[dataOffset], &packetBuffer[CYBTLDR_DATA_ADDR], pktSize);

dataOffset += pktSize;

break;

New code:

case CYBTLDR_COMMAND_DATA:

/* We have part of a block of data. */

ackCode = CYRET_SUCCESS;

if ( (dataOffset + pktSize) < SIZEOF_COMMAND_BUFFER )

{

memcpy(&dataBuffer[dataOffset], &packetBuffer[CYBTLDR_DATA_ADDR], pktSize);

dataOffset += pktSize;

}

else

{

ackCode = CYRET_ERR_LENGTH;

}

break;

Anonymous · ‎Dec 15, 2011

CYBTLDR_COMMAND_PROGRAM needs to be fixed as well.

Anonymous · ‎Dec 15, 2011

Also, is there a way to redirect the CyComponentLibrary? We have multiple PSoC 3 users and I would like to provide a fixed copy of the library for everyone in my network.

Anonymous · ‎Dec 21, 2011

Interesting.

Bootloader failure bug

Re: Bootloader failure bug

Re: Bootloader failure bug

Re: Bootloader failure bug