FIXED: Merged all Holimans code-review issues which should fix a lot of memoryleaks.

armsrc/appmain.c

@@ -674,7 +674,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 		case CMD_SIMULATE_TAG_125K:
 			LED_A_ON();
-			SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
+			SimulateTagLowFrequency(c->arg[0], c->arg[1], 0);
 			LED_A_OFF();
 			break;
 		case CMD_LF_SIMULATE_BIDIR:

armsrc/epa.c

@@ -419,7 +419,7 @@ int EPA_Setup()
 	// return code
 	int return_code = 0;
 	// card UID
-	uint8_t uid[8];
+	uint8_t uid[10];
 	// card select information
 	iso14a_card_select_t card_select_info;
 	// power up the field

armsrc/iso14443a.c

@@ -1717,7 +1717,13 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
     if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
       // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
       // http://www.nxp.com/documents/application_note/AN10927.pdf
-      memcpy(uid_resp, uid_resp + 1, 3);
+      // This was earlier:
+	  //memcpy(uid_resp, uid_resp + 1, 3);
+	  // But memcpy should not be used for overlapping arrays,
+	  // and memmove appears to not be available in the arm build.
+	  // So this has been replaced with a for-loop:
+	  for(int xx = 0; xx < 3; xx++) 
+	     uid_resp[xx] = uid_resp[xx+1];
       uid_resp_len = 3;
     }
 
@@ -1928,7 +1934,8 @@ void ReaderMifare(bool first_try)
 	uint8_t uid[10];
 	uint32_t cuid;
 
-	uint32_t nt, previous_nt;
+	uint32_t nt = 0;
+	uint32_t previous_nt = 0;
 	static uint32_t nt_attacked = 0;
 	byte_t par_list[8] = {0,0,0,0,0,0,0,0};
 	byte_t ks_list[8] = {0,0,0,0,0,0,0,0};

armsrc/lfops.c

@@ -17,6 +17,9 @@
 #include "crapto1.h"
 #include "mifareutil.h"
 
+#define SHORT_COIL()	LOW(GPIO_SSC_DOUT)
+#define OPEN_COIL()		HIGH(GPIO_SSC_DOUT)
+
 void LFSetupFPGAForADC(int divisor, bool lf_field)
 {
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@@ -56,10 +59,9 @@ void DoAcquisition125k_internal(int trigger_threshold, bool silent)
 {
 	uint8_t *dest =  mifare_get_bigbufptr();
 	int n = 24000;
-	int i;
-
+	int i = 0;
 	memset(dest, 0x00, n);
-	i = 0;
+
 	for(;;) {
 		if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
 			AT91C_BASE_SSC->SSC_THR = 0x43;
@@ -289,17 +291,17 @@ void WriteTIbyte(uint8_t b)
 	{
 		if (b&(1<<i)) {
 			// stop modulating antenna
-			LOW(GPIO_SSC_DOUT);
+			SHORT_COIL();
 			SpinDelayUs(1000);
 			// modulate antenna
-			HIGH(GPIO_SSC_DOUT);
+			OPEN_COIL();
 			SpinDelayUs(1000);
 		} else {
 			// stop modulating antenna
-			LOW(GPIO_SSC_DOUT);
+			SHORT_COIL();
 			SpinDelayUs(300);
 			// modulate antenna
-			HIGH(GPIO_SSC_DOUT);
+			OPEN_COIL();
 			SpinDelayUs(1700);
 		}
 	}
@@ -449,60 +451,57 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
 
 void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 {
-	int i;
+	int i = 0;
 	uint8_t *buff = (uint8_t *)BigBuf;
-    
+
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-	
-	// Give it a bit of time for the resonant antenna to settle.
-	SpinDelay(150);
-	
+
+	// Configure output and enable pin that is connected to the FPGA (for modulating)
 	AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK;    
 	AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
+	
 	AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;
-    
-#define SHORT_COIL()	LOW(GPIO_SSC_DOUT)
-#define OPEN_COIL()		HIGH(GPIO_SSC_DOUT)
-    
-	i = 0;
-	for(;;) {
+
+	// Give it a bit of time for the resonant antenna to settle.
+	SpinDelay(30);
+
+	for(;;) { 
+		
 		while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
-			if(BUTTON_PRESS()) {
-				DbpString("Stopped");
-				return;
-			}
-			WDT_HIT();
+			 if(BUTTON_PRESS()) {
+				 DbpString("Stopped at 0");
+				 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+				 return;
+			 }
+			 WDT_HIT();
 		}
         
-		if (ledcontrol)
-			LED_D_ON();
-        
-		if(buff[i])
+		if ( buff[i] )
 			OPEN_COIL();
 		else
 			SHORT_COIL();
-        
-		if (ledcontrol)
-			LED_D_OFF();
-        
-		while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
-			if(BUTTON_PRESS()) {
-				DbpString("Stopped");
+       
+		 while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
+			 if(BUTTON_PRESS()) {
+				DbpString("Stopped at 1");
+				FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
 				return;
 			}
 			WDT_HIT();
-		}
+		 }
         
-		i++;
+		++i;
 		if(i == period) {
 			i = 0;
 			if (gap) {
+				// turn of modulation
 				SHORT_COIL();
-				SpinDelayUs(gap);
-			}
+				// wait
+				SpinDelay(gap);
+			} 
 		}
 	}
 }
@@ -609,6 +608,7 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
 
 	if (ledcontrol)
 		LED_A_ON();
+	
 	SimulateTagLowFrequency(n, 0, ledcontrol);
 
 	if (ledcontrol)
@@ -793,8 +793,6 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	LFSetupFPGAForADC(0, true);
 
 	while(!BUTTON_PRESS()) {
-
-
 		WDT_HIT();
 		if (ledcontrol) LED_A_ON();
 

armsrc/util.c

@@ -265,7 +265,7 @@ void FormatVersionInformation(char *dst, int len, const char *prefix, void *vers
 {
 	struct version_information *v = (struct version_information*)version_information;
 	dst[0] = 0;
-	strncat(dst, prefix, len);
+	strncat(dst, prefix, len-1);
 	if(v->magic != VERSION_INFORMATION_MAGIC) {
 		strncat(dst, "Missing/Invalid version information", len - strlen(dst) - 1);
 		return;