* [PATCH] ubiformat: get buffer from malloc
@ 2013-03-25 15:15 Jan Weitzel
From: Jan Weitzel @ 2013-03-25 15:15 UTC (permalink / raw)
To: barebox
There was an erase-block-sized (here 131072) char buf array on the stack.
Changed this to get the space from malloc, preventing stack overflows.
Also fix a wrong return without clean up.
Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
---
commands/ubiformat.c | 22 +++++++++++++++-------
1 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/commands/ubiformat.c b/commands/ubiformat.c
index 47941be..121816f 100644
--- a/commands/ubiformat.c
+++ b/commands/ubiformat.c
@@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in
static int flash_image(const struct mtd_dev_info *mtd,
const struct ubigen_info *ui, struct ubi_scan_info *si)
{
- int fd, img_ebs, eb, written_ebs = 0, divisor;
+ int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
off_t st_size;
+ char *buf = NULL;
fd = open_file(&st_size);
if (fd < 0)
return fd;
+ buf = malloc(mtd->eb_size);
+ if (!buf) {
+ sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
+ goto out_close;
+ }
+
img_ebs = st_size / mtd->eb_size;
if (img_ebs > si->good_cnt) {
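Review bot: `mtd->eb_size` is a signed int here (the added message prints it with `%d`), and it goes unchecked into `malloc()` and then into the division `st_size / mtd->eb_size` just below. A zero or negative value would become a zero-length or enormous size_t request, followed by a division by zero or a meaningless block count. Whether the caller already rules that out is not visible in this hunk. A guard ahead of the allocation, for example `if (mtd->eb_size <= 0) goto out_close;` with a matching error message, would make the assumption explicit. The body of flash_image continues outside the hunk.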
@@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd,
}
if (st_size % mtd->eb_size) {
- return sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of ""eraseblock size (%d bytes)",
- args.image, (long long)st_size, mtd->eb_size);
+ sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of "
+ "eraseblock size (%d bytes)",
+ args.image, (long long)st_size, mtd->eb_size);
goto out_close;
}
@@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd,
divisor = img_ebs;
for (eb = 0; eb < mtd->eb_cnt; eb++) {
int err, new_len;
- char buf[mtd->eb_size];
long long ec;
if (!args.quiet && !args.verbose) {
@@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd,
if (!args.quiet && !args.verbose)
printf("\n");
- close(fd);
- return eb + 1;
+
+ ret = eb + 1;
out_close:
+ free(buf);
close(fd);
- return -1;
+ return ret;
}
static int format(const struct mtd_dev_info *mtd,
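Review bot: The label `out_close` now frees the buffer as well as closing the file, and it is also the success exit, so its name no longer describes what it does. The result now depends on `ret` keeping its initial -1 on every error path, and nothing in the code says so. In this patch `ret` is assigned only at `ret = eb + 1;`, which makes that hold today, but a later edit inside the loop could break it silently. A comment above the label such as `/* common exit: ret is -1 unless the loop ran to completion */` would document the contract, and renaming the label to `out` would match its new role.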
--
1.7.0.4
* Re: [PATCH] ubiformat: get buffer from malloc
From: Jan Weitzel @ 2013-03-25 15:25 UTC (permalink / raw)
To: barebox
Am Montag, den 25.03.2013, 16:15 +0100 schrieb Jan Weitzel:
> There was a erase block sized (here 131072) char buf array on the stack.
> Changed this to get the space from malloc preventing stack overflows.
> Also fix a wrong return without clean up.
>
btw the command works fine with the stack overflow till CONFIG_MMU_EARLY
was turned on.
Jan
> Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
> ---
> commands/ubiformat.c | 22 +++++++++++++++-------
> 1 files changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> index 47941be..121816f 100644
> --- a/commands/ubiformat.c
> +++ b/commands/ubiformat.c
> @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in
> static int flash_image(const struct mtd_dev_info *mtd,
> const struct ubigen_info *ui, struct ubi_scan_info *si)
> {
> - int fd, img_ebs, eb, written_ebs = 0, divisor;
> + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> off_t st_size;
> + char *buf = NULL;
>
> fd = open_file(&st_size);
> if (fd < 0)
> return fd;
>
> + buf = malloc(mtd->eb_size);
> + if (!buf) {
> + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> + goto out_close;
> + }
> +
> img_ebs = st_size / mtd->eb_size;
>
> if (img_ebs > si->good_cnt) {
> @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd,
> }
>
> if (st_size % mtd->eb_size) {
> - return sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of ""eraseblock size (%d bytes)",
> - args.image, (long long)st_size, mtd->eb_size);
> + sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of "
> + "eraseblock size (%d bytes)",
> + args.image, (long long)st_size, mtd->eb_size);
> goto out_close;
> }
>
> @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd,
> divisor = img_ebs;
> for (eb = 0; eb < mtd->eb_cnt; eb++) {
> int err, new_len;
> - char buf[mtd->eb_size];
> long long ec;
>
> if (!args.quiet && !args.verbose) {
> @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd,
>
> if (!args.quiet && !args.verbose)
> printf("\n");
> - close(fd);
> - return eb + 1;
> +
> + ret = eb + 1;
>
> out_close:
> + free(buf);
> close(fd);
> - return -1;
> + return ret;
> }
>
> static int format(const struct mtd_dev_info *mtd,
* Re: [PATCH] ubiformat: get buffer from malloc
From: Alexander Aring @ 2013-03-25 15:32 UTC (permalink / raw)
To: Jan Weitzel; +Cc: barebox
Hi,
On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote:
> There was a erase block sized (here 131072) char buf array on the stack.
> Changed this to get the space from malloc preventing stack overflows.
> Also fix a wrong return without clean up.
>
> Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
> ---
> commands/ubiformat.c | 22 +++++++++++++++-------
> 1 files changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> index 47941be..121816f 100644
> --- a/commands/ubiformat.c
> +++ b/commands/ubiformat.c
> @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in
> static int flash_image(const struct mtd_dev_info *mtd,
> const struct ubigen_info *ui, struct ubi_scan_info *si)
> {
> - int fd, img_ebs, eb, written_ebs = 0, divisor;
> + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> off_t st_size;
> + char *buf = NULL;
>
> fd = open_file(&st_size);
> if (fd < 0)
> return fd;
>
> + buf = malloc(mtd->eb_size);
> + if (!buf) {
> + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> + goto out_close;
meep, out_close will call free(buf). You need to add a new label above
free(buf);
> + }
> +
> img_ebs = st_size / mtd->eb_size;
>
> if (img_ebs > si->good_cnt) {
> @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd,
> }
>
> if (st_size % mtd->eb_size) {
> - return sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of ""eraseblock size (%d bytes)",
> - args.image, (long long)st_size, mtd->eb_size);
> + sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of "
> + "eraseblock size (%d bytes)",
> + args.image, (long long)st_size, mtd->eb_size);
> goto out_close;
> }
>
> @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd,
> divisor = img_ebs;
> for (eb = 0; eb < mtd->eb_cnt; eb++) {
> int err, new_len;
> - char buf[mtd->eb_size];
> long long ec;
>
> if (!args.quiet && !args.verbose) {
> @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd,
>
> if (!args.quiet && !args.verbose)
> printf("\n");
> - close(fd);
> - return eb + 1;
> +
> + ret = eb + 1;
>
> out_close:
> + free(buf);
here!
> close(fd);
> - return -1;
> + return ret;
> }
>
> static int format(const struct mtd_dev_info *mtd,
> --
> 1.7.0.4
>
>
Alex
* Re: [PATCH] ubiformat: get buffer from malloc
From: Alexander Aring @ 2013-03-25 15:34 UTC (permalink / raw)
To: Jan Weitzel; +Cc: barebox
On Mon, Mar 25, 2013 at 04:32:15PM +0100, Alexander Aring wrote:
> Hi,
>
> On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote:
> > There was a erase block sized (here 131072) char buf array on the stack.
> > Changed this to get the space from malloc preventing stack overflows.
> > Also fix a wrong return without clean up.
> >
> > Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
> > ---
> > commands/ubiformat.c | 22 +++++++++++++++-------
> > 1 files changed, 15 insertions(+), 7 deletions(-)
> >
> > diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> > index 47941be..121816f 100644
> > --- a/commands/ubiformat.c
> > +++ b/commands/ubiformat.c
> > @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in
> > static int flash_image(const struct mtd_dev_info *mtd,
> > const struct ubigen_info *ui, struct ubi_scan_info *si)
> > {
> > - int fd, img_ebs, eb, written_ebs = 0, divisor;
> > + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> > off_t st_size;
> > + char *buf = NULL;
> >
> > fd = open_file(&st_size);
> > if (fd < 0)
> > return fd;
> >
> > + buf = malloc(mtd->eb_size);
> > + if (!buf) {
> > + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> > + goto out_close;
>
> meep, out_close will call free(buf). You need to add a new label above
> free(buf);
>
ah, free is null proofed sry.
Alex
* Re: [PATCH] ubiformat: get buffer from malloc
From: Sascha Hauer @ 2013-03-27 8:04 UTC (permalink / raw)
To: Jan Weitzel; +Cc: barebox
On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote:
> There was a erase block sized (here 131072) char buf array on the stack.
> Changed this to get the space from malloc preventing stack overflows.
> Also fix a wrong return without clean up.
>
> Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
Applied, thanks
Sascha
> ---
> commands/ubiformat.c | 22 +++++++++++++++-------
> 1 files changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> index 47941be..121816f 100644
> --- a/commands/ubiformat.c
> +++ b/commands/ubiformat.c
> @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in
> static int flash_image(const struct mtd_dev_info *mtd,
> const struct ubigen_info *ui, struct ubi_scan_info *si)
> {
> - int fd, img_ebs, eb, written_ebs = 0, divisor;
> + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> off_t st_size;
> + char *buf = NULL;
>
> fd = open_file(&st_size);
> if (fd < 0)
> return fd;
>
> + buf = malloc(mtd->eb_size);
> + if (!buf) {
> + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> + goto out_close;
> + }
> +
> img_ebs = st_size / mtd->eb_size;
>
> if (img_ebs > si->good_cnt) {
> @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd,
> }
>
> if (st_size % mtd->eb_size) {
> - return sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of ""eraseblock size (%d bytes)",
> - args.image, (long long)st_size, mtd->eb_size);
> + sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of "
> + "eraseblock size (%d bytes)",
> + args.image, (long long)st_size, mtd->eb_size);
> goto out_close;
> }
>
> @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd,
> divisor = img_ebs;
> for (eb = 0; eb < mtd->eb_cnt; eb++) {
> int err, new_len;
> - char buf[mtd->eb_size];
> long long ec;
>
> if (!args.quiet && !args.verbose) {
> @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd,
>
> if (!args.quiet && !args.verbose)
> printf("\n");
> - close(fd);
> - return eb + 1;
> +
> + ret = eb + 1;
>
> out_close:
> + free(buf);
> close(fd);
> - return -1;
> + return ret;
> }
>
> static int format(const struct mtd_dev_info *mtd,
> --
> 1.7.0.4
>
>
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |