mirror of
https://source.denx.de/u-boot/u-boot.git
synced 2025-10-24 14:01:56 +02:00
The hush shell dynamically allocates (and re-allocates) memory for the argument strings in the "char *argv[]" argument vector passed to commands. Any code that modifies these pointers will cause serious corruption of the malloc data structures and crash U-Boot, so make sure the compiler can check that no such modifications are being done by changing the code into "char * const argv[]". This modification is the result of debugging a strange crash caused after adding a new command, which used the following argument processing code which has been working perfectly fine in all Unix systems since version 6 - but not so in U-Boot: int main (int argc, char **argv) { while (--argc > 0 && **++argv == '-') { /* ====> */ while (*++*argv) { switch (**argv) { case 'd': debug++; break; ... default: usage (); } } } ... } The line marked "====>" will corrupt the malloc data structures and usually cause U-Boot to crash when the next command gets executed by the shell. With the modification, the compiler will prevent this with an error: increment of read-only location '*argv' N.B.: The code above can be trivially rewritten like this: while (--argc > 0 && **++argv == '-') { char *arg = *argv; while (*++arg) { switch (*arg) { ... Signed-off-by: Wolfgang Denk <wd@denx.de> Acked-by: Mike Frysinger <vapier@gentoo.org>
240 lines
5.4 KiB
C
240 lines
5.4 KiB
C
/*
|
|
* (C) Copyright 2001
|
|
* Kyle Harris, kharris@nexus-tech.net
|
|
*
|
|
* See file CREDITS for list of people who contributed to this
|
|
* project.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation; either version 2 of
|
|
* the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
|
|
* MA 02111-1307 USA
|
|
*/
|
|
|
|
/*
|
|
* The "source" command allows to define "script images", i. e. files
|
|
* that contain command sequences that can be executed by the command
|
|
* interpreter. It returns the exit status of the last command
|
|
* executed from the script. This is very similar to running a shell
|
|
* script in a UNIX shell, hence the name for the command.
|
|
*/
|
|
|
|
/* #define DEBUG */
|
|
|
|
#include <common.h>
|
|
#include <command.h>
|
|
#include <image.h>
|
|
#include <malloc.h>
|
|
#include <asm/byteorder.h>
|
|
#if defined(CONFIG_8xx)
|
|
#include <mpc8xx.h>
|
|
#endif
|
|
#ifdef CONFIG_SYS_HUSH_PARSER
|
|
#include <hush.h>
|
|
#endif
|
|
|
|
int
|
|
source (ulong addr, const char *fit_uname)
|
|
{
|
|
ulong len;
|
|
image_header_t *hdr;
|
|
ulong *data;
|
|
char *cmd;
|
|
int rcode = 0;
|
|
int verify;
|
|
#if defined(CONFIG_FIT)
|
|
const void* fit_hdr;
|
|
int noffset;
|
|
const void *fit_data;
|
|
size_t fit_len;
|
|
#endif
|
|
|
|
verify = getenv_yesno ("verify");
|
|
|
|
switch (genimg_get_format ((void *)addr)) {
|
|
case IMAGE_FORMAT_LEGACY:
|
|
hdr = (image_header_t *)addr;
|
|
|
|
if (!image_check_magic (hdr)) {
|
|
puts ("Bad magic number\n");
|
|
return 1;
|
|
}
|
|
|
|
if (!image_check_hcrc (hdr)) {
|
|
puts ("Bad header crc\n");
|
|
return 1;
|
|
}
|
|
|
|
if (verify) {
|
|
if (!image_check_dcrc (hdr)) {
|
|
puts ("Bad data crc\n");
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
if (!image_check_type (hdr, IH_TYPE_SCRIPT)) {
|
|
puts ("Bad image type\n");
|
|
return 1;
|
|
}
|
|
|
|
/* get length of script */
|
|
data = (ulong *)image_get_data (hdr);
|
|
|
|
if ((len = uimage_to_cpu (*data)) == 0) {
|
|
puts ("Empty Script\n");
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* scripts are just multi-image files with one component, seek
|
|
* past the zero-terminated sequence of image lengths to get
|
|
* to the actual image data
|
|
*/
|
|
while (*data++);
|
|
break;
|
|
#if defined(CONFIG_FIT)
|
|
case IMAGE_FORMAT_FIT:
|
|
if (fit_uname == NULL) {
|
|
puts ("No FIT subimage unit name\n");
|
|
return 1;
|
|
}
|
|
|
|
fit_hdr = (const void *)addr;
|
|
if (!fit_check_format (fit_hdr)) {
|
|
puts ("Bad FIT image format\n");
|
|
return 1;
|
|
}
|
|
|
|
/* get script component image node offset */
|
|
noffset = fit_image_get_node (fit_hdr, fit_uname);
|
|
if (noffset < 0) {
|
|
printf ("Can't find '%s' FIT subimage\n", fit_uname);
|
|
return 1;
|
|
}
|
|
|
|
if (!fit_image_check_type (fit_hdr, noffset, IH_TYPE_SCRIPT)) {
|
|
puts ("Not a image image\n");
|
|
return 1;
|
|
}
|
|
|
|
/* verify integrity */
|
|
if (verify) {
|
|
if (!fit_image_check_hashes (fit_hdr, noffset)) {
|
|
puts ("Bad Data Hash\n");
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
/* get script subimage data address and length */
|
|
if (fit_image_get_data (fit_hdr, noffset, &fit_data, &fit_len)) {
|
|
puts ("Could not find script subimage data\n");
|
|
return 1;
|
|
}
|
|
|
|
data = (ulong *)fit_data;
|
|
len = (ulong)fit_len;
|
|
break;
|
|
#endif
|
|
default:
|
|
puts ("Wrong image format for \"source\" command\n");
|
|
return 1;
|
|
}
|
|
|
|
debug ("** Script length: %ld\n", len);
|
|
|
|
if ((cmd = malloc (len + 1)) == NULL) {
|
|
return 1;
|
|
}
|
|
|
|
/* make sure cmd is null terminated */
|
|
memmove (cmd, (char *)data, len);
|
|
*(cmd + len) = 0;
|
|
|
|
#ifdef CONFIG_SYS_HUSH_PARSER /*?? */
|
|
rcode = parse_string_outer (cmd, FLAG_PARSE_SEMICOLON);
|
|
#else
|
|
{
|
|
char *line = cmd;
|
|
char *next = cmd;
|
|
|
|
/*
|
|
* break into individual lines,
|
|
* and execute each line;
|
|
* terminate on error.
|
|
*/
|
|
while (*next) {
|
|
if (*next == '\n') {
|
|
*next = '\0';
|
|
/* run only non-empty commands */
|
|
if (*line) {
|
|
debug ("** exec: \"%s\"\n",
|
|
line);
|
|
if (run_command (line, 0) < 0) {
|
|
rcode = 1;
|
|
break;
|
|
}
|
|
}
|
|
line = next + 1;
|
|
}
|
|
++next;
|
|
}
|
|
if (rcode == 0 && *line)
|
|
rcode = (run_command(line, 0) >= 0);
|
|
}
|
|
#endif
|
|
free (cmd);
|
|
return rcode;
|
|
}
|
|
|
|
/**************************************************/
|
|
#if defined(CONFIG_CMD_SOURCE)
|
|
int
|
|
do_source (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
|
|
{
|
|
ulong addr;
|
|
int rcode;
|
|
const char *fit_uname = NULL;
|
|
|
|
/* Find script image */
|
|
if (argc < 2) {
|
|
addr = CONFIG_SYS_LOAD_ADDR;
|
|
debug ("* source: default load address = 0x%08lx\n", addr);
|
|
#if defined(CONFIG_FIT)
|
|
} else if (fit_parse_subimage (argv[1], load_addr, &addr, &fit_uname)) {
|
|
debug ("* source: subimage '%s' from FIT image at 0x%08lx\n",
|
|
fit_uname, addr);
|
|
#endif
|
|
} else {
|
|
addr = simple_strtoul(argv[1], NULL, 16);
|
|
debug ("* source: cmdline image address = 0x%08lx\n", addr);
|
|
}
|
|
|
|
printf ("## Executing script at %08lx\n", addr);
|
|
rcode = source (addr, fit_uname);
|
|
return rcode;
|
|
}
|
|
|
|
U_BOOT_CMD(
|
|
source, 2, 0, do_source,
|
|
"run script from memory",
|
|
"[addr]\n"
|
|
"\t- run script starting at addr\n"
|
|
"\t- A valid image header must be present"
|
|
#if defined(CONFIG_FIT)
|
|
"\n"
|
|
"For FIT format uImage addr must include subimage\n"
|
|
"unit name in the form of addr:<subimg_uname>"
|
|
#endif
|
|
);
|
|
#endif
|