[PATCH v2 1/2] scripts: omap3-usb-loader: fix heap overflow

[PATCH v2 1/2] scripts: omap3-usb-loader: fix heap overflow

[Sascha Hauer]

From: Ahmad Fatoum <ahmad@a3f.at>

Newer GCC versions correctly warn that the buffer allocated by realloc
is too small. Correct the size.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
Link: https://lore.barebox.org/20230531062703.670521-3-ahmad@a3f.at
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 scripts/omap3-usb-loader.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/omap3-usb-loader.c b/scripts/omap3-usb-loader.c
index a8d626c32f..31a03be8e7 100644
--- a/scripts/omap3-usb-loader.c
+++ b/scripts/omap3-usb-loader.c
@@ -784,7 +784,7 @@ int main(int argc, char *argv[])
 				file.addr = OMAP_BASE_ADDRESS;
 
 				/* commit the file object with the processor specified base address */
-				args->files = realloc(args->files, filecount);
+				args->files = realloc(args->files, filecount * sizeof(*args->files));
 				args->numfiles = filecount;
 				args->files[filecount - 1] = malloc(sizeof (file));
 				memcpy(args->files[filecount - 1], &file, sizeof (file));
-- 
2.39.2

[PATCH v2 2/2] ARM: set zero page accessible before copying ATAGs there

[Sascha Hauer]

We used skip setting up the zero page as faulting when the SDRAM
starts at 0x0. One reason for doing that was that ATAGs will be copied
there in that case. Call zero_page_access() if necessary to be able
to set the zero page to faulting during barebox startup in the next
step.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 arch/arm/lib32/armlinux.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/arm/lib32/armlinux.c b/arch/arm/lib32/armlinux.c
index 6cb7d4b5f3..eb30f4a952 100644
--- a/arch/arm/lib32/armlinux.c
+++ b/arch/arm/lib32/armlinux.c
@@ -18,6 +18,7 @@
 #include <memory.h>
 #include <of.h>
 #include <magicvar.h>
+#include <zero_page.h>
 
 #include <asm/byteorder.h>
 #include <asm/setup.h>
@@ -265,8 +266,12 @@ void start_linux(void *adr, int swap, unsigned long initrd_address,
 		pr_debug("booting kernel with devicetree\n");
 		params = oftree;
 	} else {
-		setup_tags(initrd_address, initrd_size, swap);
 		params = armlinux_get_bootparams();
+
+		if ((unsigned long)params < PAGE_SIZE)
+			zero_page_access();
+
+		setup_tags(initrd_address, initrd_size, swap);
 	}
 	architecture = armlinux_get_architecture();
 
-- 
2.39.2

Re: [PATCH v2 1/2] scripts: omap3-usb-loader: fix heap overflow

[Sascha Hauer]

Gna, forget this. Wrong patches sent.

Sascha

On Wed, May 31, 2023 at 12:26:08PM +0200, Sascha Hauer wrote:
> From: Ahmad Fatoum <ahmad@a3f.at>
> 
> Newer GCC versions correctly warn that the buffer allocated by realloc
> is too small. Correct the size.
> 
> Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
> Link: https://lore.barebox.org/20230531062703.670521-3-ahmad@a3f.at
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
>  scripts/omap3-usb-loader.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/scripts/omap3-usb-loader.c b/scripts/omap3-usb-loader.c
> index a8d626c32f..31a03be8e7 100644
> --- a/scripts/omap3-usb-loader.c
> +++ b/scripts/omap3-usb-loader.c
> @@ -784,7 +784,7 @@ int main(int argc, char *argv[])
>  				file.addr = OMAP_BASE_ADDRESS;
>  
>  				/* commit the file object with the processor specified base address */
> -				args->files = realloc(args->files, filecount);
> +				args->files = realloc(args->files, filecount * sizeof(*args->files));
>  				args->numfiles = filecount;
>  				args->files[filecount - 1] = malloc(sizeof (file));
>  				memcpy(args->files[filecount - 1], &file, sizeof (file));
> -- 
> 2.39.2
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |