I don't know where to submit these things.
I don't fully have my DFU working yet, but clearly I have a badly formatted init packet. However, the resulting behavior was quite bizarre. I isolated it to this line of code that should be enhanced so that it's more defensive, because it was causing a memory overwrite in the memcpy to the bootloader m_extended_packet buffer.
(Empirically, my m_extended_packet_length was 48, while the buffer is only of length 10.)
In dfu_init_template.c, in dfu_init_prevalidate(), please change
    if (m_extended_packet_length < DFU_INIT_PACKET_EXT_LENGTH_MIN)
    {
        return NRF_ERROR_INVALID_LENGTH;
    }
...to...
    if (m_extended_packet_length < DFU_INIT_PACKET_EXT_LENGTH_MIN
        || m_extended_packet_length > DFU_INIT_PACKET_EXT_LENGTH_MAX)
    {
        return NRF_ERROR_INVALID_LENGTH;
    }
FWIW, the result was that this method overwrote the m_dfu data structure; hilarity ensued.
Thank you for your consideration.
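
A self-contained model of the check requested in the post above, added here as an example (it is not part of the original post and not the bootloader's own code). The 10-byte buffer and the 48-byte length come from the post; the 12-byte header offset, the `MIN` value of 2, the `MODEL_*` return codes and the `neighbour_state` field standing in for `m_dfu` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Macro names mirror the post; values other than the 10-byte size are assumed. */
#define DFU_INIT_PACKET_EXT_LENGTH_MIN 2u   /* assumed */
#define DFU_INIT_PACKET_EXT_LENGTH_MAX 10u  /* buffer size stated in the post */
#define MODEL_SUCCESS              0u       /* hypothetical stand-in for NRF_SUCCESS */
#define MODEL_ERROR_INVALID_LENGTH 9u       /* hypothetical stand-in for NRF_ERROR_INVALID_LENGTH */

/* Buffer and a neighbouring field in one struct, so a test can watch the neighbour. */
static struct {
    uint8_t  m_extended_packet[DFU_INIT_PACKET_EXT_LENGTH_MAX];
    uint32_t neighbour_state;               /* stand-in for the m_dfu structure */
} g = { {0}, 0xC0FFEE00u };

static uint32_t m_extended_packet_length;

/* Copy the extended part that starts at ext_offset inside the init packet.
 * Every length is validated before memcpy touches the fixed-size buffer. */
uint32_t prevalidate_extended(const uint8_t *p_init_data, size_t init_data_len,
                              size_t ext_offset)
{
    if (p_init_data == NULL || ext_offset > init_data_len)
        return MODEL_ERROR_INVALID_LENGTH;  /* subtraction below would wrap */

    size_t ext_len = init_data_len - ext_offset;
    if (ext_len < DFU_INIT_PACKET_EXT_LENGTH_MIN ||
        ext_len > DFU_INIT_PACKET_EXT_LENGTH_MAX)
        return MODEL_ERROR_INVALID_LENGTH;  /* too short, or larger than the buffer */

    memcpy(g.m_extended_packet, p_init_data + ext_offset, ext_len);
    m_extended_packet_length = (uint32_t)ext_len;
    return MODEL_SUCCESS;
}

/* Accessors so callers can confirm what was (and was not) written. */
uint32_t read_neighbour_state(void) { return g.neighbour_state; }
uint8_t  read_ext_byte(size_t i)    { return g.m_extended_packet[i]; }

int main(void)
{
    /* Constructed input: 12-byte header followed by a 48-byte tail, as in the post. */
    uint8_t pkt[60] = {0};
    return prevalidate_extended(pkt, sizeof pkt, 12) == MODEL_ERROR_INVALID_LENGTH ? 0 : 1;
}
```

The upper-bound test is what keeps the 48-byte tail out of the 10-byte buffer; the offset test covers the separate case where the computed length would wrap around to a huge value.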