[U-Boot] Bug introduced in x86 cleanup patches
Hi Wolfgang, Gabe,
My recent x86 cleanup added a small, but very nasty, bug at line 231 of arch/x86/lib/board.c:
offset_ptr_ram = offset_ptr_rom + gd->reloc_off
Because offset_ptr_rom is a pointer, when gd->reloc_off gets added, there is a silent 4x multiplication. The solution is (tested):
offset_ptr_ram = (Elf32_Rel *)((ulong)offset_ptr_rom + gd->reloc_off);
Or (haven't tested - will test tonight):
offset_ptr_ram = offset_ptr_rom + (Elf32_Rel *)gd->reloc_off;
I have two options - Fix it in the existing commit. As it has not been pulled into u-boot/master yet, distribution is likely limited to yourself only - Add a fixup patch
Thoughts?
Regards,
Graeme
On Mon, Nov 14, 2011 at 2:10 PM, Graeme Russ graeme.russ@gmail.com wrote:
Hi Wolfgang, Gabe,
My recent x86 cleanup added a small, but very nasty, bug at line 231 of arch/x86/lib/board.c:
offset_ptr_ram = offset_ptr_rom + gd->reloc_offBecause offset_ptr_rom is a pointer, when gd->reloc_off gets added, there is a silent 4x multiplication. The solution is (tested):
offset_ptr_ram = (Elf32_Rel *)((ulong)offset_ptr_rom + gd->reloc_off);Or (haven't tested - will test tonight):
offset_ptr_ram = offset_ptr_rom + (Elf32_Rel *)gd->reloc_off;I have two options
- Fix it in the existing commit. As it has not been pulled into u-boot/master yet, distribution is likely limited to yourself only
- Add a fixup patch
Thoughts?
Regards,
Graeme
I think the second one is either illegal or depends on undefined behavior. I don't think you can add two pointers like that. The first should work, though. Ironically I introduced this same bug in our tree a while ago and fixed it in a separate patch. They were folded together when I sent them upstream.
Gabe
Dear Graeme,
In message CALButCJFYQWb4TtF_nwJgk6HAceEB1PntqZUfK_npXwts3CRyQ@mail.gmail.com you wrote:
My recent x86 cleanup added a small, but very nasty, bug at line 231 of arch/x86/lib/board.c:
offset_ptr_ram = offset_ptr_rom + gd->reloc_off
Because offset_ptr_rom is a pointer, when gd->reloc_off gets added, there is a silent 4x multiplication. The solution is (tested):
offset_ptr_ram = (Elf32_Rel *)((ulong)offset_ptr_rom + gd->reloc_off);
Or (haven't tested - will test tonight):
offset_ptr_ram = offset_ptr_rom + (Elf32_Rel *)gd->reloc_off;
I have two options
- Fix it in the existing commit. As it has not been pulled into u-boot/master yet, distribution is likely limited to yourself only
- Add a fixup patch
As far as I'm concerned, I'm OK with a fix in the existing commit and a rebase of your tree.
Best regards,
Wolfgang Denk
participants (3)
-
Gabe Black -
Graeme Russ -
Wolfgang Denk