In message 1277804965-1086-1-git-send-email-wd@denx.de you wrote:
The hush shell dynamically allocates (and re-allocates) memory for the argument strings in the "char *argv[]" argument vector passed to commands. Any code that modifies these pointers will cause serious corruption of the malloc data structures and crash U-Boot, so make sure the compiler can check that no such modifications are being done by changing the code into "char * const argv[]".
This modification is the result of debugging a strange crash caused after adding a new command, which used the following argument processing code which has been working perfectly fine in all Unix systems since version 6 - but not so in U-Boot:
int main (int argc, char **argv) { while (--argc > 0 && **++argv == '-') { /* ====> */ while (*++*argv) { switch (**argv) { case 'd': debug++; break; ... default: usage (); } } } ... }
The line marked "====>" will corrupt the malloc data structures and usually cause U-Boot to crash when the next command gets executed by the shell. With the modification, the compiler will prevent this with an error: increment of read-only location '*argv'
N.B.: The code above can be trivially rewritten like this:
while (--argc > 0 && **++argv == '-') { char *arg = *argv; while (*++arg) { switch (*arg) { ...
Signed-off-by: Wolfgang Denk wd@denx.de
api/api.c | 2 +- arch/arm/cpu/arm_cortexa8/mx51/clock.c | 2 +- arch/arm/cpu/arm_cortexa8/omap3/board.c | 2 +- arch/arm/lib/bootm.c | 2 +- arch/arm/lib/reset.c | 2 +- arch/avr32/cpu/cpu.c | 2 +- arch/avr32/lib/bootm.c | 2 +- arch/blackfin/cpu/bootrom-asm-offsets.c.in | 2 +- arch/blackfin/cpu/reset.c | 2 +- arch/blackfin/lib/boot.c | 2 +- arch/blackfin/lib/cmd_cache_dump.c | 4 +- arch/blackfin/lib/kgdb.c | 2 +- arch/i386/cpu/cpu.c | 2 +- arch/i386/lib/board.c | 2 +- arch/i386/lib/bootm.c | 2 +- arch/i386/lib/interrupts.c | 2 +- arch/i386/lib/zimage.c | 2 +- arch/m68k/cpu/mcf5227x/cpu.c | 2 +- arch/m68k/cpu/mcf523x/cpu.c | 2 +- arch/m68k/cpu/mcf52x2/cpu.c | 14 ++++---- arch/m68k/cpu/mcf532x/cpu.c | 2 +- arch/m68k/cpu/mcf5445x/cpu.c | 2 +- arch/m68k/cpu/mcf547x_8x/cpu.c | 2 +- arch/m68k/lib/bootm.c | 2 +- arch/microblaze/cpu/interrupts.c | 4 +- arch/microblaze/lib/bootm.c | 2 +- arch/mips/cpu/cpu.c | 2 +- arch/mips/lib/bootm.c | 2 +- arch/mips/lib/bootm_qemu_mips.c | 2 +- arch/nios2/cpu/epcs.c | 14 ++++---- arch/nios2/cpu/interrupts.c | 2 +- arch/nios2/cpu/sysid.c | 2 +- arch/nios2/lib/bootm.c | 2 +- arch/powerpc/cpu/74xx_7xx/cpu.c | 2 +- arch/powerpc/cpu/74xx_7xx/interrupts.c | 2 +- arch/powerpc/cpu/mpc512x/cpu.c | 2 +- arch/powerpc/cpu/mpc512x/diu.c | 2 +- arch/powerpc/cpu/mpc512x/iim.c | 2 +- arch/powerpc/cpu/mpc512x/speed.c | 2 +- arch/powerpc/cpu/mpc5xx/cpu.c | 2 +- arch/powerpc/cpu/mpc5xx/interrupts.c | 2 +- arch/powerpc/cpu/mpc5xxx/cpu.c | 2 +- arch/powerpc/cpu/mpc5xxx/interrupts.c | 2 +- arch/powerpc/cpu/mpc8220/cpu.c | 2 +- arch/powerpc/cpu/mpc8220/interrupts.c | 2 +- arch/powerpc/cpu/mpc824x/cpu.c | 2 +- arch/powerpc/cpu/mpc8260/bedbug_603e.c | 4 +- arch/powerpc/cpu/mpc8260/cpu.c | 2 +- arch/powerpc/cpu/mpc8260/interrupts.c | 2 +- arch/powerpc/cpu/mpc83xx/cpu.c | 2 +- arch/powerpc/cpu/mpc83xx/ecc.c | 2 +- arch/powerpc/cpu/mpc83xx/interrupts.c | 2 +- arch/powerpc/cpu/mpc83xx/speed.c | 2 +- arch/powerpc/cpu/mpc85xx/cpu.c | 2 +- arch/powerpc/cpu/mpc85xx/interrupts.c | 2 +- arch/powerpc/cpu/mpc85xx/mp.c | 2 +- arch/powerpc/cpu/mpc86xx/cpu.c | 2 +- arch/powerpc/cpu/mpc86xx/interrupts.c | 2 +- arch/powerpc/cpu/mpc86xx/mp.c | 2 +- arch/powerpc/cpu/mpc8xx/bedbug_860.c | 4 +- arch/powerpc/cpu/mpc8xx/cpu.c | 4 +- arch/powerpc/cpu/ppc4xx/44x_spd_ddr2.c | 2 +- arch/powerpc/cpu/ppc4xx/bedbug_405.c | 4 +- arch/powerpc/cpu/ppc4xx/cmd_chip_config.c | 2 +- arch/powerpc/cpu/ppc4xx/cpu.c | 2 +- arch/powerpc/cpu/ppc4xx/interrupts.c | 2 +- arch/powerpc/lib/bootm.c | 4 +- arch/powerpc/lib/kgdb.c | 2 +- arch/sh/cpu/sh2/cpu.c | 2 +- arch/sh/cpu/sh3/cpu.c | 2 +- arch/sh/cpu/sh4/cpu.c | 2 +- arch/sh/lib/bootm.c | 2 +- arch/sparc/cpu/leon2/cpu.c | 2 +- arch/sparc/cpu/leon2/interrupts.c | 2 +- arch/sparc/cpu/leon3/cpu.c | 2 +- arch/sparc/cpu/leon3/interrupts.c | 2 +- arch/sparc/include/asm/prom.h | 2 +- arch/sparc/lib/board.c | 2 +- arch/sparc/lib/bootm.c | 2 +- board/BuS/EB+MCF-EV123/EB+MCF-EV123.c | 2 +- board/BuS/eb_cpux9k2/cpux9k2.c | 2 +- board/amcc/acadia/cmd_acadia.c | 2 +- board/amcc/luan/luan.c | 2 +- board/amcc/makalu/cmd_pll.c | 2 +- board/amcc/taihu/lcd.c | 8 ++-- board/amcc/taihu/taihu.c | 4 +- board/amcc/taihu/update.c | 2 +- board/amcc/taishan/lcd.c | 14 ++++---- board/amcc/taishan/showinfo.c | 6 ++-- board/amcc/taishan/update.c | 2 +- board/amcc/yucca/cmd_yucca.c | 6 ++-- board/amirix/ap1000/ap1000.c | 10 +++--- board/amirix/ap1000/powerspan.c | 4 +- board/barco/barco.c | 2 +- board/bc3450/cmd_bc3450.c | 12 +++--- board/bf537-stamp/cmd_bf537led.c | 2 +- board/cm-bf527/gpio.c | 2 +- board/cm-bf537e/flash.c | 2 +- board/cm-bf537u/flash.c | 2 +- board/cm5200/cmd_cm5200.c | 10 +++--- board/cm5200/fwupdate.c | 8 ++-- board/delta/delta.c | 2 +- board/digsy_mtc/cmd_mtc.c | 22 ++++++------ board/eltec/bab7xx/bab7xx.c | 2 +- board/eltec/elppc/elppc.c | 2 +- board/esd/apc405/apc405.c | 2 +- board/esd/ar405/ar405.c | 8 ++-- board/esd/ash405/ash405.c | 2 +- board/esd/canbt/canbt.c | 2 +- board/esd/cms700/cms700.c | 2 +- board/esd/common/auto_update.c | 2 +- board/esd/common/cmd_loadpci.c | 2 +- board/esd/common/lcd.c | 2 +- board/esd/common/xilinx_jtag/micro.c | 2 +- board/esd/cpci2dp/cpci2dp.c | 2 +- board/esd/cpci405/cpci405.c | 8 ++-- board/esd/cpci5200/cpci5200.c | 2 +- board/esd/cpci750/cpci750.c | 6 ++-- board/esd/cpci750/sdram_init.c | 2 +- board/esd/cpciiser4/cpciiser4.c | 2 +- board/esd/dasa_sim/cmd_dasa_sim.c | 2 +- board/esd/du405/du405.c | 2 +- board/esd/du440/du440.c | 16 ++++---- board/esd/hh405/hh405.c | 4 +- board/esd/ocrtc/cmd_ocrtc.c | 4 +- board/esd/pci405/cmd_pci405.c | 2 +- board/esd/pci405/pci405.c | 4 +- board/esd/pf5200/pf5200.c | 6 ++-- board/esd/plu405/plu405.c | 4 +- board/esd/pmc405de/pmc405de.c | 8 ++-- board/esd/pmc440/cmd_pmc440.c | 18 +++++----- board/esd/tasreg/tasreg.c | 14 ++++---- board/esd/vme8349/caddy.c | 2 +- board/esd/voh405/voh405.c | 4 +- board/esd/wuh405/wuh405.c | 2 +- board/evb64260/zuma_pbb.c | 6 ++-- board/freescale/common/ngpixis.c | 2 +- board/freescale/common/pixis.c | 6 ++-- board/freescale/common/sys_eeprom.c | 2 +- board/freescale/m5249evb/m5249evb.c | 2 +- board/freescale/mpc8610hpcd/mpc8610hpcd_diu.c | 2 +- board/funkwerk/vovpn-gw/vovpn-gw.c | 2 +- board/g2000/g2000.c | 6 ++-- board/hymod/bsp.c | 6 ++-- board/inka4x0/inkadiag.c | 14 ++++---- board/keymile/km_arm/km_arm.c | 2 +- board/lwmon/lwmon.c | 18 +++++----- board/lwmon5/kbd.c | 6 ++-- board/lwmon5/lwmon5.c | 2 +- board/micronas/vct/smc_eeprom.c | 6 ++-- board/mpl/common/common_util.c | 2 +- board/mpl/mip405/cmd_mip405.c | 4 +- board/mpl/pati/cmd_pati.c | 4 +- board/mpl/pip405/cmd_pip405.c | 4 +- board/mpl/vcma9/cmd_vcma9.c | 4 +- board/netstar/crcit.c | 2 +- board/netstar/eeprom.c | 2 +- board/pcippc2/pcippc2.c | 4 +- board/pcs440ep/pcs440ep.c | 4 +- board/pdm360ng/pdm360ng.c | 2 +- board/pn62/cmd_pn62.c | 4 +- board/ppmc7xx/ppmc7xx.c | 2 +- board/prodrive/pdnb3/pdnb3.c | 4 +- board/pxa255_idp/pxa_idp.c | 2 +- board/r360mpi/r360mpi.c | 2 +- board/renesas/sh7785lcr/rtl8169_mac.c | 4 +- board/renesas/sh7785lcr/selfcheck.c | 2 +- board/renesas/sh7785lcr/sh7785lcr.c | 2 +- board/sacsng/sacsng.c | 2 +- board/sandburst/common/ppc440gx_i2c.c | 2 +- board/sandburst/karef/karef.c | 4 +- board/sandburst/metrobox/metrobox.c | 4 +- board/siemens/common/fpga.c | 2 +- board/siemens/pcu_e/pcu_e.c | 2 +- board/spear/common/spr_misc.c | 2 +- board/tcm-bf537/flash.c | 2 +- board/tqc/tqm5200/cmd_stk52xx.c | 14 ++++---- board/tqc/tqm5200/cmd_tb5200.c | 4 +- board/tqc/tqm8272/tqm8272.c | 2 +- board/trab/cmd_trab.c | 24 +++++++------- board/trab/trab.c | 2 +- board/trab/trab_fkt.c | 34 +++++++++--------- board/trizepsiv/eeprom.c | 6 ++-- board/voiceblue/eeprom.c | 2 +- board/w7o/cmd_vpd.c | 2 +- board/zeus/update.c | 2 +- board/zeus/zeus.c | 6 ++-- common/cmd_ambapp.c | 2 +- common/cmd_bdinfo.c | 16 ++++---- common/cmd_bedbug.c | 16 ++++---- common/cmd_bmp.c | 6 ++-- common/cmd_boot.c | 6 ++-- common/cmd_bootldr.c | 2 +- common/cmd_bootm.c | 44 ++++++++++++------------ common/cmd_cache.c | 4 +- common/cmd_console.c | 2 +- common/cmd_cplbinfo.c | 2 +- common/cmd_cramfs.c | 4 +- common/cmd_dataflash_mmc_mux.c | 2 +- common/cmd_date.c | 2 +- common/cmd_dcr.c | 8 ++-- common/cmd_df.c | 2 +- common/cmd_diag.c | 2 +- common/cmd_display.c | 2 +- common/cmd_dtt.c | 2 +- common/cmd_echo.c | 2 +- common/cmd_eeprom.c | 2 +- common/cmd_elf.c | 7 ++-- common/cmd_exit.c | 2 +- common/cmd_ext2.c | 4 +- common/cmd_fat.c | 8 ++-- common/cmd_fdc.c | 2 +- common/cmd_fdos.c | 4 +- common/cmd_fdt.c | 6 ++-- common/cmd_flash.c | 6 ++-- common/cmd_fpga.c | 2 +- common/cmd_help.c | 2 +- common/cmd_i2c.c | 30 ++++++++-------- common/cmd_ide.c | 4 +- common/cmd_immap.c | 36 ++++++++++---------- common/cmd_irq.c | 4 +- common/cmd_itest.c | 2 +- common/cmd_jffs2.c | 6 ++-- common/cmd_license.c | 2 +- common/cmd_load.c | 8 ++-- common/cmd_log.c | 2 +- common/cmd_mac.c | 2 +- common/cmd_mem.c | 40 +++++++++++----------- common/cmd_mfsl.c | 6 ++-- common/cmd_mgdisk.c | 2 +- common/cmd_mii.c | 2 +- common/cmd_misc.c | 2 +- common/cmd_mmc.c | 6 ++-- common/cmd_mp.c | 2 +- common/cmd_mtdparts.c | 4 +- common/cmd_nand.c | 6 ++-- common/cmd_net.c | 24 +++++++------- common/cmd_nvedit.c | 18 +++++----- common/cmd_onenand.c | 20 ++++++------ common/cmd_otp.c | 2 +- common/cmd_pci.c | 2 +- common/cmd_pcmcia.c | 2 +- common/cmd_portio.c | 4 +- common/cmd_reginfo.c | 2 +- common/cmd_reiser.c | 4 +- common/cmd_sata.c | 2 +- common/cmd_scsi.c | 4 +- common/cmd_setexpr.c | 2 +- common/cmd_sf.c | 8 ++-- common/cmd_source.c | 2 +- common/cmd_spi.c | 2 +- common/cmd_spibootldr.c | 2 +- common/cmd_strings.c | 2 +- common/cmd_terminal.c | 2 +- common/cmd_test.c | 8 ++-- common/cmd_tsi148.c | 2 +- common/cmd_ubi.c | 2 +- common/cmd_ubifs.c | 6 ++-- common/cmd_universe.c | 2 +- common/cmd_usb.c | 4 +- common/cmd_version.c | 2 +- common/cmd_vfd.c | 2 +- common/cmd_ximg.c | 2 +- common/cmd_yaffs2.c | 24 +++++++------- common/command.c | 12 +++--- common/hush.c | 10 +++--- common/image.c | 6 ++-- common/kgdb.c | 2 +- common/lcd.c | 4 +- common/main.c | 6 ++-- doc/README.standalone | 2 +- drivers/gpio/pca953x.c | 2 +- drivers/misc/ds4510.c | 2 +- drivers/misc/fsl_pmic.c | 2 +- drivers/qe/qe.c | 2 +- examples/api/demo.c | 2 +- examples/standalone/82559_eeprom.c | 2 +- examples/standalone/atmel_df_pow2.c | 2 +- examples/standalone/eepro100_eeprom.c | 2 +- examples/standalone/hello_world.c | 2 +- examples/standalone/interrupt.c | 2 +- examples/standalone/mem_to_mem_idma2intr.c | 4 +- examples/standalone/smc91111_eeprom.c | 2 +- examples/standalone/smc911x_eeprom.c | 2 +- examples/standalone/stubs.c | 2 +- examples/standalone/test_burst.c | 2 +- examples/standalone/timer.c | 2 +- include/bedbug/type.h | 2 +- include/command.h | 8 ++-- include/common.h | 2 +- include/exports.h | 2 +- include/image.h | 4 +- include/kgdb.h | 2 +- include/vxworks.h | 2 +- lib/vsprintf.c | 2 +- 295 files changed, 659 insertions(+), 658 deletions(-)
Applied.
Best regards,
Wolfgang Denk