From 54841ab50c20d6fa6c9cc3eb826989da3a22d934 Mon Sep 17 00:00:00 2001 From: Wolfgang Denk Date: Mon, 28 Jun 2010 22:00:46 +0200 Subject: Make sure that argv[] argument pointers are not modified. The hush shell dynamically allocates (and re-allocates) memory for the argument strings in the "char *argv[]" argument vector passed to commands. Any code that modifies these pointers will cause serious corruption of the malloc data structures and crash U-Boot, so make sure the compiler can check that no such modifications are being done by changing the code into "char * const argv[]". This modification is the result of debugging a strange crash caused after adding a new command, which used the following argument processing code which has been working perfectly fine in all Unix systems since version 6 - but not so in U-Boot: int main (int argc, char **argv) { while (--argc > 0 && **++argv == '-') { /* ====> */ while (*++*argv) { switch (**argv) { case 'd': debug++; break; ... default: usage (); } } } ... } The line marked "====>" will corrupt the malloc data structures and usually cause U-Boot to crash when the next command gets executed by the shell. With the modification, the compiler will prevent this with an error: increment of read-only location '*argv' N.B.: The code above can be trivially rewritten like this: while (--argc > 0 && **++argv == '-') { char *arg = *argv; while (*++arg) { switch (*arg) { ... Signed-off-by: Wolfgang Denk Acked-by: Mike Frysinger --- arch/m68k/cpu/mcf5227x/cpu.c | 2 +- arch/m68k/cpu/mcf523x/cpu.c | 2 +- arch/m68k/cpu/mcf52x2/cpu.c | 14 +++++++------- arch/m68k/cpu/mcf532x/cpu.c | 2 +- arch/m68k/cpu/mcf5445x/cpu.c | 2 +- arch/m68k/cpu/mcf547x_8x/cpu.c | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) (limited to 'arch/m68k/cpu') diff --git a/arch/m68k/cpu/mcf5227x/cpu.c b/arch/m68k/cpu/mcf5227x/cpu.c index d9f5f43..5129a03 100644 --- a/arch/m68k/cpu/mcf5227x/cpu.c +++ b/arch/m68k/cpu/mcf5227x/cpu.c @@ -33,7 +33,7 @@ DECLARE_GLOBAL_DATA_PTR; -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { volatile rcm_t *rcm = (rcm_t *) (MMAP_RCM); udelay(1000); diff --git a/arch/m68k/cpu/mcf523x/cpu.c b/arch/m68k/cpu/mcf523x/cpu.c index a1a5133..582aec9 100644 --- a/arch/m68k/cpu/mcf523x/cpu.c +++ b/arch/m68k/cpu/mcf523x/cpu.c @@ -34,7 +34,7 @@ DECLARE_GLOBAL_DATA_PTR; -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { volatile ccm_t *ccm = (ccm_t *) MMAP_CCM; diff --git a/arch/m68k/cpu/mcf52x2/cpu.c b/arch/m68k/cpu/mcf52x2/cpu.c index c4c5d50..9fb717c 100644 --- a/arch/m68k/cpu/mcf52x2/cpu.c +++ b/arch/m68k/cpu/mcf52x2/cpu.c @@ -38,7 +38,7 @@ DECLARE_GLOBAL_DATA_PTR; #ifdef CONFIG_M5208 -int do_reset(cmd_tbl_t *cmdtp, bd_t *bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t *cmdtp, bd_t *bd, int flag, int argc, char * const argv[]) { volatile rcm_t *rcm = (rcm_t *)(MMAP_RCM); @@ -142,7 +142,7 @@ int checkcpu(void) return 0; } -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { /* Call the board specific reset actions first. */ if(board_reset) { @@ -177,7 +177,7 @@ int watchdog_init(void) #endif #ifdef CONFIG_M5272 -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { volatile wdog_t *wdp = (wdog_t *) (MMAP_WDOG); @@ -257,7 +257,7 @@ int watchdog_init(void) #endif /* #ifdef CONFIG_M5272 */ #ifdef CONFIG_M5275 -int do_reset(cmd_tbl_t *cmdtp, bd_t *bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t *cmdtp, bd_t *bd, int flag, int argc, char * const argv[]) { volatile rcm_t *rcm = (rcm_t *)(MMAP_RCM); @@ -337,7 +337,7 @@ int checkcpu(void) return 0; } -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { MCFRESET_RCR = MCFRESET_RCR_SOFTRST; return 0; @@ -354,7 +354,7 @@ int checkcpu(void) return 0; } -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { /* enable watchdog, set timeout to 0 and wait */ mbar_writeByte(MCFSIM_SYPCR, 0xc0); @@ -384,7 +384,7 @@ int checkcpu(void) return 0; } -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { /* enable watchdog, set timeout to 0 and wait */ mbar_writeByte(SIM_SYPCR, 0xc0); diff --git a/arch/m68k/cpu/mcf532x/cpu.c b/arch/m68k/cpu/mcf532x/cpu.c index 331cc15..0af4969 100644 --- a/arch/m68k/cpu/mcf532x/cpu.c +++ b/arch/m68k/cpu/mcf532x/cpu.c @@ -34,7 +34,7 @@ DECLARE_GLOBAL_DATA_PTR; -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { volatile rcm_t *rcm = (rcm_t *) (MMAP_RCM); diff --git a/arch/m68k/cpu/mcf5445x/cpu.c b/arch/m68k/cpu/mcf5445x/cpu.c index 6238bc0..182521c 100644 --- a/arch/m68k/cpu/mcf5445x/cpu.c +++ b/arch/m68k/cpu/mcf5445x/cpu.c @@ -34,7 +34,7 @@ DECLARE_GLOBAL_DATA_PTR; -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { volatile rcm_t *rcm = (rcm_t *) (MMAP_RCM); udelay(1000); diff --git a/arch/m68k/cpu/mcf547x_8x/cpu.c b/arch/m68k/cpu/mcf547x_8x/cpu.c index 3912a74..f9a4b64 100644 --- a/arch/m68k/cpu/mcf547x_8x/cpu.c +++ b/arch/m68k/cpu/mcf547x_8x/cpu.c @@ -34,7 +34,7 @@ DECLARE_GLOBAL_DATA_PTR; -int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char *argv[]) +int do_reset(cmd_tbl_t * cmdtp, bd_t * bd, int flag, int argc, char * const argv[]) { volatile gptmr_t *gptmr = (gptmr_t *) (MMAP_GPTMR); -- cgit v1.1