authorRob Herring <rob.herring@calxeda.com>2013-03-22 11:26:21 +0000
committerTom Rini <trini@ti.com>2013-04-02 16:23:34 -0400
commit60d7d5a63189c9f77a190c9965861dc15482c2d0 (patch)
tree68bf7c543f8f282142eb7a10c700b3a3d86341fb /common/env_sf.c
parentc17b94ec5ec89c63070dd385b6c3a6645761c405 (diff)
env: fix potential stack overflow in environment functions
Most of the various environment functions create CONFIG_ENV_SIZE buffers on the stack. At least on ARM and PPC which have 4KB stacks, this can overflow the stack if we have large environment sizes. So move all the buffers off the stack to static buffers. Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Diffstat (limited to 'common/env_sf.c')
-rw-r--r--common/env_sf.c23
1 files changed, 12 insertions, 11 deletions
diff --git a/common/env_sf.c b/common/env_sf.c
index d9e9085461..9a592ba956 100644
--- a/common/env_sf.c
+++ b/common/env_sf.c
@@ -58,11 +58,12 @@ DECLARE_GLOBAL_DATA_PTR;
char *env_name_spec = "SPI Flash";
static struct spi_flash *env_flash;
+static char env_buf[CONFIG_ENV_SIZE];
#if defined(CONFIG_ENV_OFFSET_REDUND)
int saveenv(void)
{
- env_t env_new;
+ env_t *env_new = (env_t *)env_buf;
ssize_t len;
char *res, *saved_buffer = NULL, flag = OBSOLETE_FLAG;
u32 saved_size, saved_offset, sector = 1;
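Review bot: `env_buf` is declared as a plain `char` array but is then accessed through `env_t *` (`env_new->crc` and `env_new->flags` later in saveenv), and a char array carries no alignment guarantee for the struct's wider members. On targets that fault on unaligned word access, correctness then depends on where the linker places the buffer, so the declaration should request the alignment explicitly, e.g. `static char env_buf[CONFIG_ENV_SIZE] __attribute__((aligned(__alignof__(env_t))));`. The same cast appears in the second saveenv variant (hunk at -243). A one-line comment on the declaration saying the buffer is shared by saveenv and env_relocate_spec, and is therefore not reentrant, would also help. saveenv's body continues outside this hunk.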
@@ -78,14 +79,14 @@ int saveenv(void)
}
}
- res = (char *)&env_new.data;
+ res = (char *)env_new->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
- env_new.crc = crc32(0, env_new.data, ENV_SIZE);
- env_new.flags = ACTIVE_FLAG;
+ env_new->crc = crc32(0, env_new->data, ENV_SIZE);
+ env_new->flags = ACTIVE_FLAG;
if (gd->env_valid == 1) {
env_new_offset = CONFIG_ENV_OFFSET_REDUND;
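Review bot: Nothing ties `sizeof(env_t)` to `sizeof(env_buf)` any more, yet `hexport_r(..., ENV_SIZE, ...)` and `crc32(0, env_new->data, ENV_SIZE)` now operate on a struct overlaid on that separately sized byte array. With the old `env_t env_new;` local the compiler sized the object itself; now a mismatch between the struct layout and CONFIG_ENV_SIZE would read or write past the buffer without any diagnostic. A compile-time check next to the declaration, such as `_Static_assert(sizeof(env_t) <= sizeof(env_buf), "env_buf too small for env_t");` or the project's equivalent, would pin that assumption. The same pattern recurs in the non-redundant saveenv (hunk at -276). The enclosing function starts and ends outside this hunk.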
@@ -125,7 +126,7 @@ int saveenv(void)
puts("Writing to SPI flash...");
ret = spi_flash_write(env_flash, env_new_offset,
- CONFIG_ENV_SIZE, &env_new);
+ CONFIG_ENV_SIZE, env_new);
if (ret)
goto done;
@@ -137,7 +138,7 @@ int saveenv(void)
}
ret = spi_flash_write(env_flash, env_offset + offsetof(env_t, flags),
- sizeof(env_new.flags), &flag);
+ sizeof(env_new->flags), &flag);
if (ret)
goto done;
@@ -243,7 +244,7 @@ int saveenv(void)
u32 saved_size, saved_offset, sector = 1;
char *res, *saved_buffer = NULL;
int ret = 1;
- env_t env_new;
+ env_t *env_new = (env_t *)env_buf;
ssize_t len;
if (!env_flash) {
@@ -276,13 +277,13 @@ int saveenv(void)
sector++;
}
- res = (char *)&env_new.data;
+ res = (char *)env_new->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
goto done;
}
- env_new.crc = crc32(0, env_new.data, ENV_SIZE);
+ env_new->crc = crc32(0, env_new->data, ENV_SIZE);
puts("Erasing SPI flash...");
ret = spi_flash_erase(env_flash, CONFIG_ENV_OFFSET,
@@ -292,7 +293,7 @@ int saveenv(void)
puts("Writing to SPI flash...");
ret = spi_flash_write(env_flash, CONFIG_ENV_OFFSET,
- CONFIG_ENV_SIZE, &env_new);
+ CONFIG_ENV_SIZE, env_new);
if (ret)
goto done;
@@ -315,7 +316,7 @@ int saveenv(void)
void env_relocate_spec(void)
{
- char buf[CONFIG_ENV_SIZE];
+ char *buf = env_buf;
int ret;
env_flash = spi_flash_probe(CONFIG_ENV_SPI_BUS, CONFIG_ENV_SPI_CS,
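Review bot: Turning `buf` from `char buf[CONFIG_ENV_SIZE]` into `char *buf = env_buf;` changes the meaning of any `sizeof(buf)` left in env_relocate_spec from the buffer size to the pointer size. The rest of the function is outside this hunk, so it is worth confirming that every length passed with `buf` is `CONFIG_ENV_SIZE` or `sizeof(env_buf)`. Since the loaded environment now lives in the same static buffer that saveenv overwrites, a comment such as `/* env_buf is shared with saveenv(); contents are only valid until the next save */` would document the lifetime.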