u-boot/common/cmd_source.c
Wolfgang Denk 54841ab50c Make sure that argv[] argument pointers are not modified.
The hush shell dynamically allocates (and re-allocates) memory for the
argument strings in the "char *argv[]" argument vector passed to
commands.  Any code that modifies these pointers will cause serious
corruption of the malloc data structures and crash U-Boot, so make
sure the compiler can check that no such modifications are being done
by changing the code into "char * const argv[]".

This modification is the result of debugging a strange crash caused
after adding a new command, which used the following argument
processing code which has been working perfectly fine in all Unix
systems since version 6 - but not so in U-Boot:

int main (int argc, char **argv)
{
	while (--argc > 0 && **++argv == '-') {
/* ====> */	while (*++*argv) {
			switch (**argv) {
			case 'd':
				debug++;
				break;
			...
			default:
				usage ();
			}
		}
	}
	...
}

The line marked "====>" will corrupt the malloc data structures and
usually cause U-Boot to crash when the next command gets executed by
the shell.  With the modification, the compiler will prevent this with
an
	error: increment of read-only location '*argv'

N.B.: The code above can be trivially rewritten like this:

	while (--argc > 0 && **++argv == '-') {
		char *arg = *argv;
		while (*++arg) {
			switch (*arg) {
			...

Signed-off-by: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
2010-07-04 23:55:42 +02:00

240 lines
5.4 KiB
C

/*
* (C) Copyright 2001
* Kyle Harris, kharris@nexus-tech.net
*
* See file CREDITS for list of people who contributed to this
* project.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
* MA 02111-1307 USA
*/
/*
* The "source" command allows to define "script images", i. e. files
* that contain command sequences that can be executed by the command
* interpreter. It returns the exit status of the last command
* executed from the script. This is very similar to running a shell
* script in a UNIX shell, hence the name for the command.
*/
/* #define DEBUG */
#include <common.h>
#include <command.h>
#include <image.h>
#include <malloc.h>
#include <asm/byteorder.h>
#if defined(CONFIG_8xx)
#include <mpc8xx.h>
#endif
#ifdef CONFIG_SYS_HUSH_PARSER
#include <hush.h>
#endif
int
source (ulong addr, const char *fit_uname)
{
ulong len;
image_header_t *hdr;
ulong *data;
char *cmd;
int rcode = 0;
int verify;
#if defined(CONFIG_FIT)
const void* fit_hdr;
int noffset;
const void *fit_data;
size_t fit_len;
#endif
verify = getenv_yesno ("verify");
switch (genimg_get_format ((void *)addr)) {
case IMAGE_FORMAT_LEGACY:
hdr = (image_header_t *)addr;
if (!image_check_magic (hdr)) {
puts ("Bad magic number\n");
return 1;
}
if (!image_check_hcrc (hdr)) {
puts ("Bad header crc\n");
return 1;
}
if (verify) {
if (!image_check_dcrc (hdr)) {
puts ("Bad data crc\n");
return 1;
}
}
if (!image_check_type (hdr, IH_TYPE_SCRIPT)) {
puts ("Bad image type\n");
return 1;
}
/* get length of script */
data = (ulong *)image_get_data (hdr);
if ((len = uimage_to_cpu (*data)) == 0) {
puts ("Empty Script\n");
return 1;
}
/*
* scripts are just multi-image files with one component, seek
* past the zero-terminated sequence of image lengths to get
* to the actual image data
*/
while (*data++);
break;
#if defined(CONFIG_FIT)
case IMAGE_FORMAT_FIT:
if (fit_uname == NULL) {
puts ("No FIT subimage unit name\n");
return 1;
}
fit_hdr = (const void *)addr;
if (!fit_check_format (fit_hdr)) {
puts ("Bad FIT image format\n");
return 1;
}
/* get script component image node offset */
noffset = fit_image_get_node (fit_hdr, fit_uname);
if (noffset < 0) {
printf ("Can't find '%s' FIT subimage\n", fit_uname);
return 1;
}
if (!fit_image_check_type (fit_hdr, noffset, IH_TYPE_SCRIPT)) {
puts ("Not a image image\n");
return 1;
}
/* verify integrity */
if (verify) {
if (!fit_image_check_hashes (fit_hdr, noffset)) {
puts ("Bad Data Hash\n");
return 1;
}
}
/* get script subimage data address and length */
if (fit_image_get_data (fit_hdr, noffset, &fit_data, &fit_len)) {
puts ("Could not find script subimage data\n");
return 1;
}
data = (ulong *)fit_data;
len = (ulong)fit_len;
break;
#endif
default:
puts ("Wrong image format for \"source\" command\n");
return 1;
}
debug ("** Script length: %ld\n", len);
if ((cmd = malloc (len + 1)) == NULL) {
return 1;
}
/* make sure cmd is null terminated */
memmove (cmd, (char *)data, len);
*(cmd + len) = 0;
#ifdef CONFIG_SYS_HUSH_PARSER /*?? */
rcode = parse_string_outer (cmd, FLAG_PARSE_SEMICOLON);
#else
{
char *line = cmd;
char *next = cmd;
/*
* break into individual lines,
* and execute each line;
* terminate on error.
*/
while (*next) {
if (*next == '\n') {
*next = '\0';
/* run only non-empty commands */
if (*line) {
debug ("** exec: \"%s\"\n",
line);
if (run_command (line, 0) < 0) {
rcode = 1;
break;
}
}
line = next + 1;
}
++next;
}
if (rcode == 0 && *line)
rcode = (run_command(line, 0) >= 0);
}
#endif
free (cmd);
return rcode;
}
/**************************************************/
#if defined(CONFIG_CMD_SOURCE)
int
do_source (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
ulong addr;
int rcode;
const char *fit_uname = NULL;
/* Find script image */
if (argc < 2) {
addr = CONFIG_SYS_LOAD_ADDR;
debug ("* source: default load address = 0x%08lx\n", addr);
#if defined(CONFIG_FIT)
} else if (fit_parse_subimage (argv[1], load_addr, &addr, &fit_uname)) {
debug ("* source: subimage '%s' from FIT image at 0x%08lx\n",
fit_uname, addr);
#endif
} else {
addr = simple_strtoul(argv[1], NULL, 16);
debug ("* source: cmdline image address = 0x%08lx\n", addr);
}
printf ("## Executing script at %08lx\n", addr);
rcode = source (addr, fit_uname);
return rcode;
}
U_BOOT_CMD(
source, 2, 0, do_source,
"run script from memory",
"[addr]\n"
"\t- run script starting at addr\n"
"\t- A valid image header must be present"
#if defined(CONFIG_FIT)
"\n"
"For FIT format uImage addr must include subimage\n"
"unit name in the form of addr:<subimg_uname>"
#endif
);
#endif