[U-Boot] [PATCH] Make sure that argv[] argument pointers are not modified.
Wolfgang Denk
wd at denx.de
Sun Jul 4 23:56:55 CEST 2010
In message <1277804965-1086-1-git-send-email-wd at denx.de> you wrote:
> The hush shell dynamically allocates (and re-allocates) memory for the
> argument strings in the "char *argv[]" argument vector passed to
> commands. Any code that modifies these pointers will cause serious
> corruption of the malloc data structures and crash U-Boot, so make
> sure the compiler can check that no such modifications are being done
> by changing the code into "char * const argv[]".
>
> This modification is the result of debugging a strange crash caused
> after adding a new command, which used the following argument
> processing code which has been working perfectly fine in all Unix
> systems since version 6 - but not so in U-Boot:
>
> int main (int argc, char **argv)
> {
> while (--argc > 0 && **++argv == '-') {
> /* ====> */ while (*++*argv) {
> switch (**argv) {
> case 'd':
> debug++;
> break;
> ...
> default:
> usage ();
> }
> }
> }
> ...
> }
>
> The line marked "====>" will corrupt the malloc data structures and
> usually cause U-Boot to crash when the next command gets executed by
> the shell. With the modification, the compiler will prevent this with
> an
> error: increment of read-only location '*argv'
>
> N.B.: The code above can be trivially rewritten like this:
>
> while (--argc > 0 && **++argv == '-') {
> char *arg = *argv;
> while (*++arg) {
> switch (*arg) {
> ...
>
> Signed-off-by: Wolfgang Denk <wd at denx.de>
> ---
> api/api.c | 2 +-
> arch/arm/cpu/arm_cortexa8/mx51/clock.c | 2 +-
> arch/arm/cpu/arm_cortexa8/omap3/board.c | 2 +-
> arch/arm/lib/bootm.c | 2 +-
> arch/arm/lib/reset.c | 2 +-
> arch/avr32/cpu/cpu.c | 2 +-
> arch/avr32/lib/bootm.c | 2 +-
> arch/blackfin/cpu/bootrom-asm-offsets.c.in | 2 +-
> arch/blackfin/cpu/reset.c | 2 +-
> arch/blackfin/lib/boot.c | 2 +-
> arch/blackfin/lib/cmd_cache_dump.c | 4 +-
> arch/blackfin/lib/kgdb.c | 2 +-
> arch/i386/cpu/cpu.c | 2 +-
> arch/i386/lib/board.c | 2 +-
> arch/i386/lib/bootm.c | 2 +-
> arch/i386/lib/interrupts.c | 2 +-
> arch/i386/lib/zimage.c | 2 +-
> arch/m68k/cpu/mcf5227x/cpu.c | 2 +-
> arch/m68k/cpu/mcf523x/cpu.c | 2 +-
> arch/m68k/cpu/mcf52x2/cpu.c | 14 ++++----
> arch/m68k/cpu/mcf532x/cpu.c | 2 +-
> arch/m68k/cpu/mcf5445x/cpu.c | 2 +-
> arch/m68k/cpu/mcf547x_8x/cpu.c | 2 +-
> arch/m68k/lib/bootm.c | 2 +-
> arch/microblaze/cpu/interrupts.c | 4 +-
> arch/microblaze/lib/bootm.c | 2 +-
> arch/mips/cpu/cpu.c | 2 +-
> arch/mips/lib/bootm.c | 2 +-
> arch/mips/lib/bootm_qemu_mips.c | 2 +-
> arch/nios2/cpu/epcs.c | 14 ++++----
> arch/nios2/cpu/interrupts.c | 2 +-
> arch/nios2/cpu/sysid.c | 2 +-
> arch/nios2/lib/bootm.c | 2 +-
> arch/powerpc/cpu/74xx_7xx/cpu.c | 2 +-
> arch/powerpc/cpu/74xx_7xx/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc512x/cpu.c | 2 +-
> arch/powerpc/cpu/mpc512x/diu.c | 2 +-
> arch/powerpc/cpu/mpc512x/iim.c | 2 +-
> arch/powerpc/cpu/mpc512x/speed.c | 2 +-
> arch/powerpc/cpu/mpc5xx/cpu.c | 2 +-
> arch/powerpc/cpu/mpc5xx/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc5xxx/cpu.c | 2 +-
> arch/powerpc/cpu/mpc5xxx/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc8220/cpu.c | 2 +-
> arch/powerpc/cpu/mpc8220/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc824x/cpu.c | 2 +-
> arch/powerpc/cpu/mpc8260/bedbug_603e.c | 4 +-
> arch/powerpc/cpu/mpc8260/cpu.c | 2 +-
> arch/powerpc/cpu/mpc8260/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc83xx/cpu.c | 2 +-
> arch/powerpc/cpu/mpc83xx/ecc.c | 2 +-
> arch/powerpc/cpu/mpc83xx/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc83xx/speed.c | 2 +-
> arch/powerpc/cpu/mpc85xx/cpu.c | 2 +-
> arch/powerpc/cpu/mpc85xx/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc85xx/mp.c | 2 +-
> arch/powerpc/cpu/mpc86xx/cpu.c | 2 +-
> arch/powerpc/cpu/mpc86xx/interrupts.c | 2 +-
> arch/powerpc/cpu/mpc86xx/mp.c | 2 +-
> arch/powerpc/cpu/mpc8xx/bedbug_860.c | 4 +-
> arch/powerpc/cpu/mpc8xx/cpu.c | 4 +-
> arch/powerpc/cpu/ppc4xx/44x_spd_ddr2.c | 2 +-
> arch/powerpc/cpu/ppc4xx/bedbug_405.c | 4 +-
> arch/powerpc/cpu/ppc4xx/cmd_chip_config.c | 2 +-
> arch/powerpc/cpu/ppc4xx/cpu.c | 2 +-
> arch/powerpc/cpu/ppc4xx/interrupts.c | 2 +-
> arch/powerpc/lib/bootm.c | 4 +-
> arch/powerpc/lib/kgdb.c | 2 +-
> arch/sh/cpu/sh2/cpu.c | 2 +-
> arch/sh/cpu/sh3/cpu.c | 2 +-
> arch/sh/cpu/sh4/cpu.c | 2 +-
> arch/sh/lib/bootm.c | 2 +-
> arch/sparc/cpu/leon2/cpu.c | 2 +-
> arch/sparc/cpu/leon2/interrupts.c | 2 +-
> arch/sparc/cpu/leon3/cpu.c | 2 +-
> arch/sparc/cpu/leon3/interrupts.c | 2 +-
> arch/sparc/include/asm/prom.h | 2 +-
> arch/sparc/lib/board.c | 2 +-
> arch/sparc/lib/bootm.c | 2 +-
> board/BuS/EB+MCF-EV123/EB+MCF-EV123.c | 2 +-
> board/BuS/eb_cpux9k2/cpux9k2.c | 2 +-
> board/amcc/acadia/cmd_acadia.c | 2 +-
> board/amcc/luan/luan.c | 2 +-
> board/amcc/makalu/cmd_pll.c | 2 +-
> board/amcc/taihu/lcd.c | 8 ++--
> board/amcc/taihu/taihu.c | 4 +-
> board/amcc/taihu/update.c | 2 +-
> board/amcc/taishan/lcd.c | 14 ++++----
> board/amcc/taishan/showinfo.c | 6 ++--
> board/amcc/taishan/update.c | 2 +-
> board/amcc/yucca/cmd_yucca.c | 6 ++--
> board/amirix/ap1000/ap1000.c | 10 +++---
> board/amirix/ap1000/powerspan.c | 4 +-
> board/barco/barco.c | 2 +-
> board/bc3450/cmd_bc3450.c | 12 +++---
> board/bf537-stamp/cmd_bf537led.c | 2 +-
> board/cm-bf527/gpio.c | 2 +-
> board/cm-bf537e/flash.c | 2 +-
> board/cm-bf537u/flash.c | 2 +-
> board/cm5200/cmd_cm5200.c | 10 +++---
> board/cm5200/fwupdate.c | 8 ++--
> board/delta/delta.c | 2 +-
> board/digsy_mtc/cmd_mtc.c | 22 ++++++------
> board/eltec/bab7xx/bab7xx.c | 2 +-
> board/eltec/elppc/elppc.c | 2 +-
> board/esd/apc405/apc405.c | 2 +-
> board/esd/ar405/ar405.c | 8 ++--
> board/esd/ash405/ash405.c | 2 +-
> board/esd/canbt/canbt.c | 2 +-
> board/esd/cms700/cms700.c | 2 +-
> board/esd/common/auto_update.c | 2 +-
> board/esd/common/cmd_loadpci.c | 2 +-
> board/esd/common/lcd.c | 2 +-
> board/esd/common/xilinx_jtag/micro.c | 2 +-
> board/esd/cpci2dp/cpci2dp.c | 2 +-
> board/esd/cpci405/cpci405.c | 8 ++--
> board/esd/cpci5200/cpci5200.c | 2 +-
> board/esd/cpci750/cpci750.c | 6 ++--
> board/esd/cpci750/sdram_init.c | 2 +-
> board/esd/cpciiser4/cpciiser4.c | 2 +-
> board/esd/dasa_sim/cmd_dasa_sim.c | 2 +-
> board/esd/du405/du405.c | 2 +-
> board/esd/du440/du440.c | 16 ++++----
> board/esd/hh405/hh405.c | 4 +-
> board/esd/ocrtc/cmd_ocrtc.c | 4 +-
> board/esd/pci405/cmd_pci405.c | 2 +-
> board/esd/pci405/pci405.c | 4 +-
> board/esd/pf5200/pf5200.c | 6 ++--
> board/esd/plu405/plu405.c | 4 +-
> board/esd/pmc405de/pmc405de.c | 8 ++--
> board/esd/pmc440/cmd_pmc440.c | 18 +++++-----
> board/esd/tasreg/tasreg.c | 14 ++++----
> board/esd/vme8349/caddy.c | 2 +-
> board/esd/voh405/voh405.c | 4 +-
> board/esd/wuh405/wuh405.c | 2 +-
> board/evb64260/zuma_pbb.c | 6 ++--
> board/freescale/common/ngpixis.c | 2 +-
> board/freescale/common/pixis.c | 6 ++--
> board/freescale/common/sys_eeprom.c | 2 +-
> board/freescale/m5249evb/m5249evb.c | 2 +-
> board/freescale/mpc8610hpcd/mpc8610hpcd_diu.c | 2 +-
> board/funkwerk/vovpn-gw/vovpn-gw.c | 2 +-
> board/g2000/g2000.c | 6 ++--
> board/hymod/bsp.c | 6 ++--
> board/inka4x0/inkadiag.c | 14 ++++----
> board/keymile/km_arm/km_arm.c | 2 +-
> board/lwmon/lwmon.c | 18 +++++-----
> board/lwmon5/kbd.c | 6 ++--
> board/lwmon5/lwmon5.c | 2 +-
> board/micronas/vct/smc_eeprom.c | 6 ++--
> board/mpl/common/common_util.c | 2 +-
> board/mpl/mip405/cmd_mip405.c | 4 +-
> board/mpl/pati/cmd_pati.c | 4 +-
> board/mpl/pip405/cmd_pip405.c | 4 +-
> board/mpl/vcma9/cmd_vcma9.c | 4 +-
> board/netstar/crcit.c | 2 +-
> board/netstar/eeprom.c | 2 +-
> board/pcippc2/pcippc2.c | 4 +-
> board/pcs440ep/pcs440ep.c | 4 +-
> board/pdm360ng/pdm360ng.c | 2 +-
> board/pn62/cmd_pn62.c | 4 +-
> board/ppmc7xx/ppmc7xx.c | 2 +-
> board/prodrive/pdnb3/pdnb3.c | 4 +-
> board/pxa255_idp/pxa_idp.c | 2 +-
> board/r360mpi/r360mpi.c | 2 +-
> board/renesas/sh7785lcr/rtl8169_mac.c | 4 +-
> board/renesas/sh7785lcr/selfcheck.c | 2 +-
> board/renesas/sh7785lcr/sh7785lcr.c | 2 +-
> board/sacsng/sacsng.c | 2 +-
> board/sandburst/common/ppc440gx_i2c.c | 2 +-
> board/sandburst/karef/karef.c | 4 +-
> board/sandburst/metrobox/metrobox.c | 4 +-
> board/siemens/common/fpga.c | 2 +-
> board/siemens/pcu_e/pcu_e.c | 2 +-
> board/spear/common/spr_misc.c | 2 +-
> board/tcm-bf537/flash.c | 2 +-
> board/tqc/tqm5200/cmd_stk52xx.c | 14 ++++----
> board/tqc/tqm5200/cmd_tb5200.c | 4 +-
> board/tqc/tqm8272/tqm8272.c | 2 +-
> board/trab/cmd_trab.c | 24 +++++++-------
> board/trab/trab.c | 2 +-
> board/trab/trab_fkt.c | 34 +++++++++---------
> board/trizepsiv/eeprom.c | 6 ++--
> board/voiceblue/eeprom.c | 2 +-
> board/w7o/cmd_vpd.c | 2 +-
> board/zeus/update.c | 2 +-
> board/zeus/zeus.c | 6 ++--
> common/cmd_ambapp.c | 2 +-
> common/cmd_bdinfo.c | 16 ++++----
> common/cmd_bedbug.c | 16 ++++----
> common/cmd_bmp.c | 6 ++--
> common/cmd_boot.c | 6 ++--
> common/cmd_bootldr.c | 2 +-
> common/cmd_bootm.c | 44 ++++++++++++------------
> common/cmd_cache.c | 4 +-
> common/cmd_console.c | 2 +-
> common/cmd_cplbinfo.c | 2 +-
> common/cmd_cramfs.c | 4 +-
> common/cmd_dataflash_mmc_mux.c | 2 +-
> common/cmd_date.c | 2 +-
> common/cmd_dcr.c | 8 ++--
> common/cmd_df.c | 2 +-
> common/cmd_diag.c | 2 +-
> common/cmd_display.c | 2 +-
> common/cmd_dtt.c | 2 +-
> common/cmd_echo.c | 2 +-
> common/cmd_eeprom.c | 2 +-
> common/cmd_elf.c | 7 ++--
> common/cmd_exit.c | 2 +-
> common/cmd_ext2.c | 4 +-
> common/cmd_fat.c | 8 ++--
> common/cmd_fdc.c | 2 +-
> common/cmd_fdos.c | 4 +-
> common/cmd_fdt.c | 6 ++--
> common/cmd_flash.c | 6 ++--
> common/cmd_fpga.c | 2 +-
> common/cmd_help.c | 2 +-
> common/cmd_i2c.c | 30 ++++++++--------
> common/cmd_ide.c | 4 +-
> common/cmd_immap.c | 36 ++++++++++----------
> common/cmd_irq.c | 4 +-
> common/cmd_itest.c | 2 +-
> common/cmd_jffs2.c | 6 ++--
> common/cmd_license.c | 2 +-
> common/cmd_load.c | 8 ++--
> common/cmd_log.c | 2 +-
> common/cmd_mac.c | 2 +-
> common/cmd_mem.c | 40 +++++++++++-----------
> common/cmd_mfsl.c | 6 ++--
> common/cmd_mgdisk.c | 2 +-
> common/cmd_mii.c | 2 +-
> common/cmd_misc.c | 2 +-
> common/cmd_mmc.c | 6 ++--
> common/cmd_mp.c | 2 +-
> common/cmd_mtdparts.c | 4 +-
> common/cmd_nand.c | 6 ++--
> common/cmd_net.c | 24 +++++++-------
> common/cmd_nvedit.c | 18 +++++-----
> common/cmd_onenand.c | 20 ++++++------
> common/cmd_otp.c | 2 +-
> common/cmd_pci.c | 2 +-
> common/cmd_pcmcia.c | 2 +-
> common/cmd_portio.c | 4 +-
> common/cmd_reginfo.c | 2 +-
> common/cmd_reiser.c | 4 +-
> common/cmd_sata.c | 2 +-
> common/cmd_scsi.c | 4 +-
> common/cmd_setexpr.c | 2 +-
> common/cmd_sf.c | 8 ++--
> common/cmd_source.c | 2 +-
> common/cmd_spi.c | 2 +-
> common/cmd_spibootldr.c | 2 +-
> common/cmd_strings.c | 2 +-
> common/cmd_terminal.c | 2 +-
> common/cmd_test.c | 8 ++--
> common/cmd_tsi148.c | 2 +-
> common/cmd_ubi.c | 2 +-
> common/cmd_ubifs.c | 6 ++--
> common/cmd_universe.c | 2 +-
> common/cmd_usb.c | 4 +-
> common/cmd_version.c | 2 +-
> common/cmd_vfd.c | 2 +-
> common/cmd_ximg.c | 2 +-
> common/cmd_yaffs2.c | 24 +++++++-------
> common/command.c | 12 +++---
> common/hush.c | 10 +++---
> common/image.c | 6 ++--
> common/kgdb.c | 2 +-
> common/lcd.c | 4 +-
> common/main.c | 6 ++--
> doc/README.standalone | 2 +-
> drivers/gpio/pca953x.c | 2 +-
> drivers/misc/ds4510.c | 2 +-
> drivers/misc/fsl_pmic.c | 2 +-
> drivers/qe/qe.c | 2 +-
> examples/api/demo.c | 2 +-
> examples/standalone/82559_eeprom.c | 2 +-
> examples/standalone/atmel_df_pow2.c | 2 +-
> examples/standalone/eepro100_eeprom.c | 2 +-
> examples/standalone/hello_world.c | 2 +-
> examples/standalone/interrupt.c | 2 +-
> examples/standalone/mem_to_mem_idma2intr.c | 4 +-
> examples/standalone/smc91111_eeprom.c | 2 +-
> examples/standalone/smc911x_eeprom.c | 2 +-
> examples/standalone/stubs.c | 2 +-
> examples/standalone/test_burst.c | 2 +-
> examples/standalone/timer.c | 2 +-
> include/bedbug/type.h | 2 +-
> include/command.h | 8 ++--
> include/common.h | 2 +-
> include/exports.h | 2 +-
> include/image.h | 4 +-
> include/kgdb.h | 2 +-
> include/vxworks.h | 2 +-
> lib/vsprintf.c | 2 +-
> 295 files changed, 659 insertions(+), 658 deletions(-)
Applied.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
When the bosses talk about improving productivity, they are never
talking about themselves.
More information about the U-Boot
mailing list