author | Rob Herring <rob.herring@calxeda.com> | 2013-03-22 11:26:21 +0000 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2013-04-02 16:23:34 -0400 |
commit | 60d7d5a63189c9f77a190c9965861dc15482c2d0 (patch) | |
tree | 68bf7c543f8f282142eb7a10c700b3a3d86341fb /common/env_mmc.c | |
parent | c17b94ec5ec89c63070dd385b6c3a6645761c405 (diff) | |
env: fix potential stack overflow in environment functions
Most of the various environment functions create CONFIG_ENV_SIZE buffers on
the stack. At least on ARM and PPC which have 4KB stacks, this can overflow
the stack if we have large environment sizes. So move all the buffers off
the stack to static buffers.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Diffstat (limited to 'common/env_mmc.c')
-rw-r--r-- | common/env_mmc.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/common/env_mmc.c b/common/env_mmc.c
index 02bd5aed10..f5680134b2 100644
--- a/common/env_mmc.c
+++ b/common/env_mmc.c
@@ -40,6 +40,8 @@ env_t *env_ptr = &environment;
 env_t *env_ptr;
 #endif /* ENV_IS_EMBEDDED */
+DEFINE_CACHE_ALIGN_BUFFER(char, env_buf, CONFIG_ENV_SIZE);
+
 DECLARE_GLOBAL_DATA_PTR;
 #if !defined(CONFIG_ENV_OFFSET)
@@ -112,7 +114,7 @@ static inline int write_env(struct mmc *mmc, unsigned long size,
 int saveenv(void)
 {
- ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1);
+ env_t *env_new = (env_t *)env_buf;
 ssize_t len;
 char *res;
 struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV);
@@ -127,7 +129,7 @@ int saveenv(void)
 goto fini;
 }
- res = (char *)&env_new->data;
+ res = (char *)env_new->data;
 len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
 if (len < 0) {
 error("Cannot export environment: errno = %d\n", errno);
@@ -135,7 +137,7 @@ int saveenv(void)
 goto fini;
 }
- env_new->crc = crc32(0, &env_new->data[0], ENV_SIZE);
+ env_new->crc = crc32(0, env_new->data, ENV_SIZE);
 printf("Writing to MMC(%d)... ", CONFIG_SYS_MMC_ENV_DEV);
 if (write_env(mmc, CONFIG_ENV_SIZE, offset, (u_char *)env_new)) {
 puts("failed\n");
@@ -169,7 +171,6 @@ static inline int read_env(struct mmc *mmc, unsigned long size,
 void env_relocate_spec(void)
 {
 #if !defined(ENV_IS_EMBEDDED)
- ALLOC_CACHE_ALIGN_BUFFER(char, buf, CONFIG_ENV_SIZE);
 struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV);
 u32 offset;
 int ret;
@@ -184,12 +185,12 @@ void env_relocate_spec(void)
 goto fini;
 }
- if (read_env(mmc, CONFIG_ENV_SIZE, offset, buf)) {
+ if (read_env(mmc, CONFIG_ENV_SIZE, offset, env_buf)) {
 ret = 1;
 goto fini;
 }
- env_import(buf, 1);
+ env_import(env_buf, 1);
 ret = 0;
 fini: |
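Review bot: `env_buf` is added at file scope in the first hunk with no comment, although from this commit on it is the single scratch buffer used by both `saveenv()` (hunk at -112) and `env_relocate_spec()` (hunks at -169 and -184). Each call overwrites whatever the other left there, so neither function is reentrant and no caller may keep a pointer into the buffer across calls. I would put a comment above the definition saying so, e.g. `/* Scratch buffer shared by saveenv() and env_relocate_spec(); each call overwrites it, so neither function is reentrant. */`. The buffer's linkage and exact size come from the DEFINE_CACHE_ALIGN_BUFFER macro, which is not visible here.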
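Review bot: The cast `env_t *env_new = (env_t *)env_buf;` in saveenv() relies on the buffer being at least `sizeof(env_t)` bytes, and nothing visible in the hunk enforces this. The buffer is now declared as CONFIG_ENV_SIZE chars instead of as one `env_t`. The definition of env_t is outside this diff; presumably it is a header plus ENV_SIZE bytes of data and therefore fits. If the two sizes ever diverge, the later `hexport_r(..., ENV_SIZE, ...)` and `crc32(0, env_new->data, ENV_SIZE)` calls would run past the end of the static buffer. A compile-time check next to the buffer definition would pin the assumption down, e.g. `_Static_assert(sizeof(env_t) <= CONFIG_ENV_SIZE, "env_buf too small for env_t");` or the project's equivalent build-time assertion. saveenv()'s body continues outside the hunk.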