Re: [PATCH] ubiformat: get buffer from malloc
Am Montag, den 25.03.2013, 16:15 +0100 schrieb Jan Weitzel:
> There was a erase block sized (here 131072) char buf array on the stack.
> Changed this to get the space from malloc preventing stack overflows.
> Also fix a wrong return without clean up.
>
btw the command works fine with the stack overflow till CONFIG_MMU_EARLY
was turned on.
Jan
> Signed-off-by: Jan Weitzel
> ---
> commands/ubiformat.c | 22 +++---
> 1 files changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> index 47941be..121816f 100644
> --- a/commands/ubiformat.c
> +++ b/commands/ubiformat.c
> @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd,
> struct ubi_scan_info *si, in
> static int flash_image(const struct mtd_dev_info *mtd,
> const struct ubigen_info *ui, struct ubi_scan_info *si)
> {
> - int fd, img_ebs, eb, written_ebs = 0, divisor;
> + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> off_t st_size;
> + char *buf = NULL;
>
> fd = open_file(&st_size);
> if (fd < 0)
> return fd;
>
> + buf = malloc(mtd->eb_size);
> + if (!buf) {
> + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> + goto out_close;
> + }
> +
> img_ebs = st_size / mtd->eb_size;
>
> if (img_ebs > si->good_cnt) {
> @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd,
> }
>
> if (st_size % mtd->eb_size) {
> - return sys_errmsg("file \"%s\" (size %lld bytes) is not
> multiple of ""eraseblock size (%d bytes)",
> - args.image, (long long)st_size, mtd->eb_size);
> + sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of "
> +"eraseblock size (%d bytes)",
> +args.image, (long long)st_size, mtd->eb_size);
> goto out_close;
> }
>
> @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd,
> divisor = img_ebs;
> for (eb = 0; eb < mtd->eb_cnt; eb++) {
> int err, new_len;
> - char buf[mtd->eb_size];
> long long ec;
>
> if (!args.quiet && !args.verbose) {
> @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd,
>
> if (!args.quiet && !args.verbose)
> printf("\n");
> - close(fd);
> - return eb + 1;
> +
> + ret = eb + 1;
>
> out_close:
> + free(buf);
> close(fd);
> - return -1;
> + return ret;
> }
>
> static int format(const struct mtd_dev_info *mtd,
___
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
Re: [PATCH] ubiformat: get buffer from malloc
Hi,
On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote:
> There was a erase block sized (here 131072) char buf array on the stack.
> Changed this to get the space from malloc preventing stack overflows.
> Also fix a wrong return without clean up.
>
> Signed-off-by: Jan Weitzel
> ---
> commands/ubiformat.c | 22 +++---
> 1 files changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> index 47941be..121816f 100644
> --- a/commands/ubiformat.c
> +++ b/commands/ubiformat.c
> @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd,
> struct ubi_scan_info *si, in
> static int flash_image(const struct mtd_dev_info *mtd,
> const struct ubigen_info *ui, struct ubi_scan_info *si)
> {
> - int fd, img_ebs, eb, written_ebs = 0, divisor;
> + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> off_t st_size;
> + char *buf = NULL;
>
> fd = open_file(&st_size);
> if (fd < 0)
> return fd;
>
> + buf = malloc(mtd->eb_size);
> + if (!buf) {
> + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> + goto out_close;
meep, out_close will call free(buf). You need to add a new label above
free(buf);
> + }
> +
> img_ebs = st_size / mtd->eb_size;
>
> if (img_ebs > si->good_cnt) {
> @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd,
> }
>
> if (st_size % mtd->eb_size) {
> - return sys_errmsg("file \"%s\" (size %lld bytes) is not
> multiple of ""eraseblock size (%d bytes)",
> - args.image, (long long)st_size, mtd->eb_size);
> + sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of "
> +"eraseblock size (%d bytes)",
> +args.image, (long long)st_size, mtd->eb_size);
> goto out_close;
> }
>
> @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd,
> divisor = img_ebs;
> for (eb = 0; eb < mtd->eb_cnt; eb++) {
> int err, new_len;
> - char buf[mtd->eb_size];
> long long ec;
>
> if (!args.quiet && !args.verbose) {
> @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd,
>
> if (!args.quiet && !args.verbose)
> printf("\n");
> - close(fd);
> - return eb + 1;
> +
> + ret = eb + 1;
>
> out_close:
> + free(buf);
here!
> close(fd);
> - return -1;
> + return ret;
> }
>
> static int format(const struct mtd_dev_info *mtd,
> --
> 1.7.0.4
>
>
Alex
___
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
Re: [PATCH] ubiformat: get buffer from malloc
On Mon, Mar 25, 2013 at 04:32:15PM +0100, Alexander Aring wrote:
> Hi,
>
> On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote:
> > There was a erase block sized (here 131072) char buf array on the stack.
> > Changed this to get the space from malloc preventing stack overflows.
> > Also fix a wrong return without clean up.
> >
> > Signed-off-by: Jan Weitzel
> > ---
> > commands/ubiformat.c | 22 +++---
> > 1 files changed, 15 insertions(+), 7 deletions(-)
> >
> > diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> > index 47941be..121816f 100644
> > --- a/commands/ubiformat.c
> > +++ b/commands/ubiformat.c
> > @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd,
> > struct ubi_scan_info *si, in
> > static int flash_image(const struct mtd_dev_info *mtd,
> >const struct ubigen_info *ui, struct ubi_scan_info *si)
> > {
> > - int fd, img_ebs, eb, written_ebs = 0, divisor;
> > + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> > off_t st_size;
> > + char *buf = NULL;
> >
> > fd = open_file(&st_size);
> > if (fd < 0)
> > return fd;
> >
> > + buf = malloc(mtd->eb_size);
> > + if (!buf) {
> > + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> > + goto out_close;
>
> meep, out_close will call free(buf). You need to add a new label above
> free(buf);
>
ah, free is null proofed sry.
Alex
___
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
Re: [PATCH] ubiformat: get buffer from malloc
On Mon, Mar 25, 2013 at 04:15:57PM +0100, Jan Weitzel wrote:
> There was a erase block sized (here 131072) char buf array on the stack.
> Changed this to get the space from malloc preventing stack overflows.
> Also fix a wrong return without clean up.
>
> Signed-off-by: Jan Weitzel
Applied, thanks
Sascha
> ---
> commands/ubiformat.c | 22 +++---
> 1 files changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/commands/ubiformat.c b/commands/ubiformat.c
> index 47941be..121816f 100644
> --- a/commands/ubiformat.c
> +++ b/commands/ubiformat.c
> @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd,
> struct ubi_scan_info *si, in
> static int flash_image(const struct mtd_dev_info *mtd,
> const struct ubigen_info *ui, struct ubi_scan_info *si)
> {
> - int fd, img_ebs, eb, written_ebs = 0, divisor;
> + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1;
> off_t st_size;
> + char *buf = NULL;
>
> fd = open_file(&st_size);
> if (fd < 0)
> return fd;
>
> + buf = malloc(mtd->eb_size);
> + if (!buf) {
> + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size);
> + goto out_close;
> + }
> +
> img_ebs = st_size / mtd->eb_size;
>
> if (img_ebs > si->good_cnt) {
> @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd,
> }
>
> if (st_size % mtd->eb_size) {
> - return sys_errmsg("file \"%s\" (size %lld bytes) is not
> multiple of ""eraseblock size (%d bytes)",
> - args.image, (long long)st_size, mtd->eb_size);
> + sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of "
> +"eraseblock size (%d bytes)",
> +args.image, (long long)st_size, mtd->eb_size);
> goto out_close;
> }
>
> @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd,
> divisor = img_ebs;
> for (eb = 0; eb < mtd->eb_cnt; eb++) {
> int err, new_len;
> - char buf[mtd->eb_size];
> long long ec;
>
> if (!args.quiet && !args.verbose) {
> @@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd,
>
> if (!args.quiet && !args.verbose)
> printf("\n");
> - close(fd);
> - return eb + 1;
> +
> + ret = eb + 1;
>
> out_close:
> + free(buf);
> close(fd);
> - return -1;
> + return ret;
> }
>
> static int format(const struct mtd_dev_info *mtd,
> --
> 1.7.0.4
>
>
> ___
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0|
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917- |
___
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
