From 01cc0084d91f484dd803369d14f470dd649db475 Mon Sep 17 00:00:00 2001 From: Jan Weitzel Date: Mon, 25 Mar 2013 16:15:57 +0100 Subject: [PATCH] ubiformat: get buffer from malloc There was a erase block sized (here 131072) char buf array on the stack. Changed this to get the space from malloc preventing stack overflows. Also fix a wrong return without clean up. Signed-off-by: Jan Weitzel Signed-off-by: Sascha Hauer --- commands/ubiformat.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/commands/ubiformat.c b/commands/ubiformat.c index 47941bedb..121816f4d 100644 --- a/commands/ubiformat.c +++ b/commands/ubiformat.c @@ -296,13 +296,20 @@ static int mark_bad(const struct mtd_dev_info *mtd, struct ubi_scan_info *si, in static int flash_image(const struct mtd_dev_info *mtd, const struct ubigen_info *ui, struct ubi_scan_info *si) { - int fd, img_ebs, eb, written_ebs = 0, divisor; + int fd, img_ebs, eb, written_ebs = 0, divisor, ret = -1; off_t st_size; + char *buf = NULL; fd = open_file(&st_size); if (fd < 0) return fd; + buf = malloc(mtd->eb_size); + if (!buf) { + sys_errmsg("cannot allocate %d bytes of memory", mtd->eb_size); + goto out_close; + } + img_ebs = st_size / mtd->eb_size; if (img_ebs > si->good_cnt) { @@ -312,8 +319,9 @@ static int flash_image(const struct mtd_dev_info *mtd, } if (st_size % mtd->eb_size) { - return sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of ""eraseblock size (%d bytes)", - args.image, (long long)st_size, mtd->eb_size); + sys_errmsg("file \"%s\" (size %lld bytes) is not multiple of " + "eraseblock size (%d bytes)", + args.image, (long long)st_size, mtd->eb_size); goto out_close; } @@ -321,7 +329,6 @@ static int flash_image(const struct mtd_dev_info *mtd, divisor = img_ebs; for (eb = 0; eb < mtd->eb_cnt; eb++) { int err, new_len; - char buf[mtd->eb_size]; long long ec; if (!args.quiet && !args.verbose) { 
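Review bot: `malloc(mtd->eb_size)` in flash_image sizes the buffer from a value that appears to be a signed `int` (it is printed with `%d`), and nothing visible in the hunk rejects zero or a negative value first. A negative value would convert to a very large `size_t` and only fail the allocation, but zero would give a zero-length buffer and a division by zero in the following `st_size / mtd->eb_size`. If no caller already guarantees a positive eraseblock size, a guard ahead of the allocation makes that explicit, for example `if (mtd->eb_size <= 0) goto out_close;` with a matching message. The body of flash_image continues outside this hunk.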
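Review bot: The "is not multiple of eraseblock size" message in the `st_size % mtd->eb_size` branch still goes through `sys_errmsg`, which presumably appends the current errno text, as its use for the malloc failure suggests. A modulo check sets no errno, so whatever system error is printed there would be stale and could mislead someone diagnosing a bad image. If the file has a plain, non-errno variant of the helper, it fits this branch better. This check and the `img_ebs > si->good_cnt` check could also run before the `malloc`, so a rejected image never allocates the eraseblock buffer.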
@@ -404,12 +411,13 @@ static int flash_image(const struct mtd_dev_info *mtd, if (!args.quiet && !args.verbose) printf("\n"); - close(fd); - return eb + 1; + + ret = eb + 1; out_close: + free(buf); close(fd); - return -1; + return ret; } static int format(const struct mtd_dev_info *mtd,
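Review bot: `out_close:` is now the single exit that frees `buf` as well as closing `fd`, but the label name still suggests it only closes the file and there is no comment saying otherwise. A short comment above the label, such as `/* common exit: free the eraseblock buffer, close the image fd */`, or renaming it to `out`, would discourage a later edit from adding a bare `return`. The loop body between this hunk and the previous one is not shown. Any direct `return` remaining there would bypass both `free(buf)` and `close(fd)`, so it is worth confirming that every error path in it uses `goto out_close`.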