Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / 54841ab50c20d6fa6c9cc3eb826989da3a22d934^! / . / common / cmd_elf.c
commit54841ab50c20d6fa6c9cc3eb826989da3a22d934[log] [tgz]
authorWolfgang Denk <wd@denx.de>Mon Jun 28 22:00:46 2010 +0200
committerWolfgang Denk <wd@denx.de>Sun Jul 04 23:55:42 2010 +0200
tree400f22f0a12ff0ae6c472bed6ac648befc1744a2
parentb218ccb5435e64ac2318bb8b6c9594ef1cc724cd [diff] [blame]
Make sure that argv[] argument pointers are not modified.

The hush shell dynamically allocates (and re-allocates) memory for the
argument strings in the "char *argv[]" argument vector passed to
commands.  Any code that modifies these pointers will cause serious
corruption of the malloc data structures and crash U-Boot, so make
sure the compiler can check that no such modifications are being done
by changing the code into "char * const argv[]".

This modification is the result of debugging a strange crash caused
after adding a new command, which used the following argument
processing code which has been working perfectly fine in all Unix
systems since version 6 - but not so in U-Boot:

int main (int argc, char **argv)
{
	while (--argc > 0 && **++argv == '-') {
/* ====> */	while (*++*argv) {
			switch (**argv) {
			case 'd':
				debug++;
				break;
			...
			default:
				usage ();
			}
		}
	}
	...
}

The line marked "====>" will corrupt the malloc data structures and
usually cause U-Boot to crash when the next command gets executed by
the shell.  With the modification, the compiler will prevent this with
an
	error: increment of read-only location '*argv'

N.B.: The code above can be trivially rewritten like this:

	while (--argc > 0 && **++argv == '-') {
		char *arg = *argv;
		while (*++arg) {
			switch (*arg) {
			...

Signed-off-by: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>

diff --git a/common/cmd_elf.c b/common/cmd_elf.c
index 63f6fe7..104d6e6 100644
--- a/common/cmd_elf.c
+++ b/common/cmd_elf.c

@@ -29,7 +29,8 @@
 
 /* Allow ports to override the default behavior */
 __attribute__((weak))
-unsigned long do_bootelf_exec (ulong (*entry)(int, char *[]), int argc, char *argv[])
+unsigned long do_bootelf_exec (ulong (*entry)(int, char * const[]),
+			       int argc, char * const argv[])
 {
 	unsigned long ret;
 
@@ -56,7 +57,7 @@
 /* ======================================================================
  * Interpreter command to boot an arbitrary ELF image from memory.
  * ====================================================================== */
-int do_bootelf (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[])
+int do_bootelf (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 {
 	unsigned long addr;		/* Address of the ELF image     */
 	unsigned long rc;		/* Return value from user code  */
@@ -93,7 +94,7 @@
  * be either an ELF image or a raw binary.  Will attempt to setup the
  * bootline and other parameters correctly.
  * ====================================================================== */
-int do_bootvx (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[])
+int do_bootvx (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 {
 	unsigned long addr;		/* Address of image            */
 	unsigned long bootaddr;		/* Address to put the bootline */