From 1e2c6506fbf503bace8356f90cd54a5b01a32f88 Mon Sep 17 00:00:00 2001
From: Dominik Riebeling
Date: Sat, 9 Jun 2012 22:03:43 +0200
Subject: [PATCH] Fix crash in mkimxboot bootloader installation.

mkimxboot requires passing a structure which got extended with another field. This wasn't adjusted in Rockbox Utility, causing an out of bound access to an array, which results in a segfault.

Change-Id: I0252849ed0b41f1d8804537c053debc9b0ecd08d
---
 rbutil/mkimxboot/mkimxboot.c | 3 +++
 rbutil/rbutilqt/base/bootloaderinstallimx.cpp | 1 +
 2 files changed, 4 insertions(+)

diff --git a/rbutil/mkimxboot/mkimxboot.c b/rbutil/mkimxboot/mkimxboot.c
index 8806167078..c33c0404c0 100644
--- a/rbutil/mkimxboot/mkimxboot.c
+++ b/rbutil/mkimxboot/mkimxboot.c
@@ -331,6 +331,9 @@ enum imx_error_t mkimxboot(const char *infile, const char *bootfile,
 const char *outfile, struct imx_option_t opt)
 {
 /* Dump tables */
+ if(opt.fw_variant > VARIANT_COUNT) {
+ return IMX_ERROR;
+ }
 dump_imx_dev_info("[INFO] ");
 /* compute MD5 sum of the file */
 uint8_t file_md5sum[16];
diff --git a/rbutil/rbutilqt/base/bootloaderinstallimx.cpp b/rbutil/rbutilqt/base/bootloaderinstallimx.cpp
index e25244f80a..c085b30346 100644
--- a/rbutil/rbutilqt/base/bootloaderinstallimx.cpp
+++ b/rbutil/rbutilqt/base/bootloaderinstallimx.cpp
@@ -49,6 +49,7 @@ void BootloaderThreadImx::run(void)
 struct imx_option_t opt;
 opt.debug = false;
 opt.output = IMX_DUALBOOT;
+ opt.fw_variant = VARIANT_DEFAULT;
 m_error = mkimxboot(m_inputfile.toLocal8Bit().constData(),
 m_bootfile.toLocal8Bit().constData(),
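Review bot: The guard added at the top of mkimxboot() in rbutil/mkimxboot/mkimxboot.c looks off by one, because `if(opt.fw_variant > VARIANT_COUNT)` still lets `opt.fw_variant == VARIANT_COUNT` through. VARIANT_COUNT is not defined in this hunk, but if it is the usual trailing enumerator that sizes the per-variant tables, that value indexes one element past the end, which is the same out-of-bounds access the commit message describes. A caller that leaves the field unset passes an indeterminate value, so the check should reject everything outside the table: `if(opt.fw_variant < 0 || opt.fw_variant >= VARIANT_COUNT)` (the `< 0` half can go if the enum's underlying type is unsigned). The check also lands between the `/* Dump tables */` comment and the `dump_imx_dev_info()` call it describes, so it would read better above that comment with its own `/* reject unknown firmware variants before they are used as a table index */`. The function body continues outside the hunk, so where fw_variant is actually used as an index is not visible here.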