[U-Boot] Bug introduced in x86 cleanup patches

Gabe Black gabeblack at google.com
Tue Nov 15 01:26:41 CET 2011


On Mon, Nov 14, 2011 at 2:10 PM, Graeme Russ <graeme.russ at gmail.com> wrote:

> Hi Wolfgang, Gabe,
>
> My recent x86 cleanup added a small, but very nasty, bug at line 231 of
> arch/x86/lib/board.c:
>
>        offset_ptr_ram = offset_ptr_rom + gd->reloc_off;
>
> Because offset_ptr_rom is a pointer, when gd->reloc_off gets added, there
> is a silent 4x multiplication. The solution is (tested):
>
>        offset_ptr_ram = (Elf32_Rel *)((ulong)offset_ptr_rom
>                                + gd->reloc_off);
>
> Or (haven't tested - will test tonight):
>
>        offset_ptr_ram = offset_ptr_rom + (Elf32_Rel *)gd->reloc_off;
>
> I have two options
>  - Fix it in the existing commit. As it has not been pulled into
>    u-boot/master yet, distribution is likely limited to yourself only
>  - Add a fixup patch
>
> Thoughts?
>
> Regards,
>
> Graeme
>


I think the second one is either illegal or depends on undefined behavior.
I don't think you can add two pointers like that. The first should work,
though. Ironically I introduced this same bug in our tree a while ago and
fixed it in a separate patch. They were folded together when I sent them
upstream.

Gabe
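An added C example (not U-Boot's code) that reproduces the scaling the thread describes: the buggy `Elf32_Rel *` addition beside the cast-through-`ulong` fix, plus a bounds check a relocation pass could make before writing fixups. The third form, pointer plus pointer, does not compile in C and is left out; `Elf32_Rel`, `ulong`, the sample table and `reloc_off` value are all defined or constructed here.

```c
#include <stdint.h>
#include <stdio.h>

typedef unsigned long ulong;          /* U-Boot's ulong typedef */
typedef uint32_t Elf32_Addr;
typedef uint32_t Elf32_Word;

/* Standard Elf32_Rel layout: two 32-bit words, so sizeof == 8. */
typedef struct {
    Elf32_Addr r_offset;
    Elf32_Word r_info;
} Elf32_Rel;

/* Constructed sample: a two-entry relocation table standing in for the
 * copy of .rel.dyn that still sits at its ROM (link-time) address. */
static Elf32_Rel rom_rel_table[2] = {
    { 0x00100010u, 0x00000008u },
    { 0x00100020u, 0x00000008u },
};

/* Buggy form from the thread: adding an integer to an Elf32_Rel *
 * scales it by sizeof(Elf32_Rel), so reloc_off is silently multiplied. */
static ulong buggy_ram_addr(const Elf32_Rel *offset_ptr_rom, ulong reloc_off)
{
    const Elf32_Rel *offset_ptr_ram = offset_ptr_rom + reloc_off;
    return (ulong)offset_ptr_ram;
}

/* Fixed form: add in bytes on an integer, then cast back to the pointer. */
static ulong fixed_ram_addr(const Elf32_Rel *offset_ptr_rom, ulong reloc_off)
{
    const Elf32_Rel *offset_ptr_ram =
        (const Elf32_Rel *)((ulong)offset_ptr_rom + reloc_off);
    return (ulong)offset_ptr_ram;
}

/* Check a relocation pass can make before writing any fixup: the
 * relocated table must lie inside the RAM copy of the image. */
static int within_ram_image(ulong addr, ulong ram_start, ulong ram_size)
{
    return addr >= ram_start && addr < ram_start + ram_size;
}

int main(void)
{
    ulong reloc_off = 0x1000;                        /* constructed value */
    ulong ram_start = (ulong)rom_rel_table + reloc_off;
    ulong good = fixed_ram_addr(rom_rel_table, reloc_off);
    ulong bad = buggy_ram_addr(rom_rel_table, reloc_off);

    printf("fixed: +0x%lx bytes, in image: %d\n", good - (ulong)rom_rel_table,
           within_ram_image(good, ram_start, 0x2000));
    printf("buggy: +0x%lx bytes, in image: %d\n", bad - (ulong)rom_rel_table,
           within_ram_image(bad, ram_start, 0x2000));
    return 0;
}
```

With the 0x1000 offset the buggy form lands 0x8000 bytes past the ROM table, seven pages beyond the RAM copy, so every fixup it then applies is written outside the relocated image.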