Re: [PATCH] ubiformat: get buffer from malloc
Am Montag, den 25.03.2013, 16:15 +0100 schrieb Jan Weitzel: There was a erase block sized (here 131072) char buf array on the stack. Changed this to get the space from malloc preventing stack overflows. Also fix a wrong return without clean up. btw the command works fine with the stack overflow till CONFIG_MMU_EARLY was turned on. Jan Signed-off-by: Jan Weitzel j.weit...@phytec.de --- commands/ubiformat.c | 22 +++--- 1 files changed, 15 insertions(+), 7 deletions(-) diff --git a/commands/ubiformat.c b/commands/ubiformat.c index 47941be..121816f 100644 --- a/commands/ubiformat.c +++ b/commands/ubiformat.c @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in static int flash_image(const struct mtd_dev_info *mtd, const struct ubigen_info *ui, struct ubi_scan_info *si) { - int fd, img_ebs, eb, written_ebs = 0, divisor; + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1; off_t st_size; + char *buf = NULL; fd = open_file(st_size); if (fd 0) return fd; + buf = malloc(mtd-eb_size); + if (!buf) { + sys_errmsg(cannot allocate %d bytes of memory, mtd-eb_size); + goto out_close; + } + img_ebs = st_size / mtd-eb_size; if (img_ebs si-good_cnt) { @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd, } if (st_size % mtd-eb_size) { - return sys_errmsg(file \%s\ (size %lld bytes) is not multiple of eraseblock size (%d bytes), - args.image, (long long)st_size, mtd-eb_size); + sys_errmsg(file \%s\ (size %lld bytes) is not multiple of +eraseblock size (%d bytes), +args.image, (long long)st_size, mtd-eb_size); goto out_close; } @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd, divisor = img_ebs; for (eb = 0; eb mtd-eb_cnt; eb++) { int err, new_len; - char buf[mtd-eb_size]; long long ec; if (!args.quiet !args.verbose) { @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd, if (!args.quiet !args.verbose) printf(\n); - close(fd); - return eb + 1; + + ret = eb + 1; out_close: + free(buf); close(fd); - return -1; + return ret; } static int format(const struct mtd_dev_info *mtd, ___ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox
Re: [PATCH] ubiformat: get buffer from malloc
Hi, On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote: There was a erase block sized (here 131072) char buf array on the stack. Changed this to get the space from malloc preventing stack overflows. Also fix a wrong return without clean up. Signed-off-by: Jan Weitzel j.weit...@phytec.de --- commands/ubiformat.c | 22 +++--- 1 files changed, 15 insertions(+), 7 deletions(-) diff --git a/commands/ubiformat.c b/commands/ubiformat.c index 47941be..121816f 100644 --- a/commands/ubiformat.c +++ b/commands/ubiformat.c @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in static int flash_image(const struct mtd_dev_info *mtd, const struct ubigen_info *ui, struct ubi_scan_info *si) { - int fd, img_ebs, eb, written_ebs = 0, divisor; + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1; off_t st_size; + char *buf = NULL; fd = open_file(st_size); if (fd 0) return fd; + buf = malloc(mtd-eb_size); + if (!buf) { + sys_errmsg(cannot allocate %d bytes of memory, mtd-eb_size); + goto out_close; meep, out_close will call free(buf). You need to add a new label above free(buf); + } + img_ebs = st_size / mtd-eb_size; if (img_ebs si-good_cnt) { @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd, } if (st_size % mtd-eb_size) { - return sys_errmsg(file \%s\ (size %lld bytes) is not multiple of eraseblock size (%d bytes), - args.image, (long long)st_size, mtd-eb_size); + sys_errmsg(file \%s\ (size %lld bytes) is not multiple of +eraseblock size (%d bytes), +args.image, (long long)st_size, mtd-eb_size); goto out_close; } @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd, divisor = img_ebs; for (eb = 0; eb mtd-eb_cnt; eb++) { int err, new_len; - char buf[mtd-eb_size]; long long ec; if (!args.quiet !args.verbose) { @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd, if (!args.quiet !args.verbose) printf(\n); - close(fd); - return eb + 1; + + ret = eb + 1; out_close: + free(buf); here! close(fd); - return -1; + return ret; } static int format(const struct mtd_dev_info *mtd, -- 1.7.0.4 Alex ___ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox
Re: [PATCH] ubiformat: get buffer from malloc
On Mon, Mar 25, 2013 at 04:32:15PM +0100, Alexander Aring wrote: Hi, On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote: There was a erase block sized (here 131072) char buf array on the stack. Changed this to get the space from malloc preventing stack overflows. Also fix a wrong return without clean up. Signed-off-by: Jan Weitzel j.weit...@phytec.de --- commands/ubiformat.c | 22 +++--- 1 files changed, 15 insertions(+), 7 deletions(-) diff --git a/commands/ubiformat.c b/commands/ubiformat.c index 47941be..121816f 100644 --- a/commands/ubiformat.c +++ b/commands/ubiformat.c @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in static int flash_image(const struct mtd_dev_info *mtd, const struct ubigen_info *ui, struct ubi_scan_info *si) { - int fd, img_ebs, eb, written_ebs = 0, divisor; + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1; off_t st_size; + char *buf = NULL; fd = open_file(st_size); if (fd 0) return fd; + buf = malloc(mtd-eb_size); + if (!buf) { + sys_errmsg(cannot allocate %d bytes of memory, mtd-eb_size); + goto out_close; meep, out_close will call free(buf). You need to add a new label above free(buf); ah, free is null proofed sry. Alex ___ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox