diff options
| author | Wolfgang Denk <wd@denx.de> | 2010-06-28 22:00:46 +0200 |
|---|---|---|
| committer | Wolfgang Denk <wd@denx.de> | 2010-07-04 23:55:42 +0200 |
| commit | 54841ab50c20d6fa6c9cc3eb826989da3a22d934 (patch) | |
| tree | 400f22f0a12ff0ae6c472bed6ac648befc1744a2 /board/lwmon5 | |
| parent | b218ccb5435e64ac2318bb8b6c9594ef1cc724cd (diff) | |
Make sure that argv[] argument pointers are not modified.
The hush shell dynamically allocates (and re-allocates) memory for the
argument strings in the "char *argv[]" argument vector passed to
commands. Any code that modifies these pointers will cause serious
corruption of the malloc data structures and crash U-Boot, so make
sure the compiler can check that no such modifications are being done
by changing the code into "char * const argv[]".
This modification is the result of debugging a strange crash caused
after adding a new command, which used the following argument
processing code which has been working perfectly fine in all Unix
systems since version 6 - but not so in U-Boot:
int main (int argc, char **argv)
{
while (--argc > 0 && **++argv == '-') {
/* ====> */ while (*++*argv) {
switch (**argv) {
case 'd':
debug++;
break;
...
default:
usage ();
}
}
}
...
}
The line marked "====>" will corrupt the malloc data structures and
usually cause U-Boot to crash when the next command gets executed by
the shell. With the modification, the compiler will prevent this with
an
error: increment of read-only location '*argv'
N.B.: The code above can be trivially rewritten like this:
while (--argc > 0 && **++argv == '-') {
char *arg = *argv;
while (*++arg) {
switch (*arg) {
...
Signed-off-by: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'board/lwmon5')
| -rw-r--r-- | board/lwmon5/kbd.c | 6 | ||||
| -rw-r--r-- | board/lwmon5/lwmon5.c | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/board/lwmon5/kbd.c b/board/lwmon5/kbd.c index be1a1dfeb54..0e26b890b2c 100644 --- a/board/lwmon5/kbd.c +++ b/board/lwmon5/kbd.c @@ -380,7 +380,7 @@ static uchar *key_match (uchar *kbd_data) /*********************************************************************** F* Function: int do_kbd (cmd_tbl_t *cmdtp, int flag, -F* int argc, char *argv[]) P*A*Z* +F* int argc, char * const argv[]) P*A*Z* * P* Parameters: cmd_tbl_t *cmdtp P* - Pointer to our command table entry @@ -389,7 +389,7 @@ P* - If the CMD_FLAG_REPEAT bit is set, then this call is P* a repetition P* int argc P* - Argument count -P* char *argv[] +P* char * const argv[] P* - Array of the actual arguments P* P* Returnvalue: int @@ -404,7 +404,7 @@ D* Design: wd@denx.de C* Coding: wd@denx.de V* Verification: dzu@denx.de ***********************************************************************/ -int do_kbd (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) +int do_kbd (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { uchar kbd_data[KEYBD_DATALEN]; char keybd_env[2 * KEYBD_DATALEN + 1]; diff --git a/board/lwmon5/lwmon5.c b/board/lwmon5/lwmon5.c index 415e036c006..3948c13b646 100644 --- a/board/lwmon5/lwmon5.c +++ b/board/lwmon5/lwmon5.c @@ -304,7 +304,7 @@ void hw_watchdog_reset(void) gpio_write_bit(CONFIG_SYS_GPIO_WATCHDOG, val); } -int do_eeprom_wp(cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) +int do_eeprom_wp(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { if (argc < 2) { cmd_usage(cmdtp); |