From patchwork Thu Sep 5 17:57:45 2024
X-Patchwork-Submitter: Grant Pannell
X-Patchwork-Id: 1981362
To: "flashrom@flashrom.org"
Thread-Topic: flashrom1.4 segfault in init_eraseblock
Date: Thu, 5 Sep 2024 17:57:45 +0000
Subject: [flashrom] flashrom1.4 segfault in init_eraseblock
List-Id: flashrom discussion and development mailing list
From: Grant Pannell

Hi,

Trying to report a bug in flashrom 1.4. I'm not a subject matter expert, but I've done my best to try and debug and fix the issue. Seeking guidance from the experts on whether this is the solution :-)

I found that in 1.4, it looks like the erase and write logic was refactored. Since then, I get segfaults when trying to flash my coreboot image. The chip is a Macronix MX25U6435E in a Protectli FW4B. I'm running on OpenBSD 7.5.

The segfault occurs in erasure_layout.c: init_eraseblock line 55. I am no expert on the internals of flashrom, or what's going on here... but I've narrowed it down to segfaulting at the last iteration of this while loop. Code in question looks like:

    edata->first_sub_block_index = *sub_block_index;
    struct eraseblock_data *subedata = &layout[idx - 1].layout_list[*sub_block_index];
    while (subedata->start_addr >= start_addr && subedata->end_addr <= end_addr &&
           *sub_block_index < layout[idx-1].block_count) {
        (*sub_block_index)++;
        subedata++;
    }

In my case, it seems that the last iteration looks like:

    layout[idx-1].block_count == 2048
    *sub_block_index == 2047
    subedata->end_addr == end_addr

What then happens is, the variable "subedata" is incremented and the while condition is checked, but subedata is now out of bounds and the application segfaults. I'm pretty sure the while loop shouldn't iterate again because the next iteration would fail the *sub_block_index < layout[idx-1].block_count check (2048 < 2028).

I solved this by short circuiting the while condition and checking that condition first, so that subedata is not accessed and flashrom successfully flashes my coreboot image. Patch included below. Is this an appropriate fix?

Thank you,
Grant

--- erasure_layout.c.orig
+++ erasure_layout.c
@@ -52,8 +52,8 @@ edata->first_sub_block_index = *sub_block_index; struct eraseblock_data *subedata = &layout[idx - 1].layout_list[*sub_block_index]; - while (subedata->start_addr >= start_addr && subedata->end_addr <= end_addr && - *sub_block_index < layout[idx-1].block_count) { + while (*sub_block_index < layout[idx-1].block_count && + subedata->start_addr >= start_addr && subedata->end_addr <= end_addr) { (*sub_block_index)++; subedata++; }
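Review bot: Moving `*sub_block_index < layout[idx-1].block_count` to the front of the condition is the right fix for the read past the end of `layout_list`, because `&&` short-circuits and `subedata` is no longer dereferenced once the index reaches `block_count`; note that `subedata++` still runs on the final iteration and leaves the pointer one past the end, which is fine only because nothing reads through it afterwards, so a one-line comment above the loop saying the index check must stay first would stop a future tidy-up from reordering it back. Two smaller points: the hunk mixes `layout[idx - 1]` (the `layout_list` line) with `layout[idx-1]` (the moved condition), so the new line could use the spaced form for consistency; and the patch as posted has no commit message or Signed-off-by, so when it goes to the project's review system it should carry a summary that names the out-of-bounds read on the last sub-block of a 2048-block layout, which is the case the report reproduces.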
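To make the ordering problem in the report reproducible without flashrom or the chip, the following is an added C example that is not part of the mailing-list post or of flashrom. It reduces `struct eraseblock_data` to the two fields the loop compares (an assumption; the real struct has more members, and `end_addr` is assumed to be inclusive), replaces the direct dereference with a bounds-checked accessor that records an out-of-bounds index instead of crashing, and runs both orderings of the condition over a constructed four-block layout. The names `block_at`, `count_subblocks_unpatched`, `count_subblocks_patched`, `run_demo` and `sample_layout` are all invented for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for flashrom's struct eraseblock_data, reduced to the two fields
 * the loop in init_eraseblock compares. Constructed for this example; the
 * real struct has more members. end_addr is assumed inclusive. */
struct eraseblock_data {
	uint32_t start_addr;
	uint32_t end_addr;
};

/* Bounds-checked accessor. Where the real loop dereferences subedata
 * directly, this records any index outside [0, count) and returns a dummy
 * entry instead, which is roughly what AddressSanitizer would report on the
 * unpatched code in place of a segfault. */
static const struct eraseblock_data *
block_at(const struct eraseblock_data *list, size_t count, size_t i, bool *oob)
{
	static const struct eraseblock_data dummy = { 0, 0 };
	if (i >= count) {
		*oob = true;
		return &dummy;
	}
	return &list[i];
}

/* Pre-patch condition order: addresses are compared before the index is
 * checked, so when the range reaches the last block the entry at
 * list[count] is read on the final iteration. */
size_t count_subblocks_unpatched(const struct eraseblock_data *list, size_t count,
                                 size_t first, uint32_t start, uint32_t end, bool *oob)
{
	size_t i = first;
	for (;;) {
		const struct eraseblock_data *b = block_at(list, count, i, oob);
		if (!(b->start_addr >= start && b->end_addr <= end && i < count))
			break;
		i++;
	}
	return i;
}

/* Patched order: the index check runs first and short-circuits, so no entry
 * is read unless its index is inside the array. */
size_t count_subblocks_patched(const struct eraseblock_data *list, size_t count,
                               size_t first, uint32_t start, uint32_t end, bool *oob)
{
	size_t i = first;
	while (i < count) {
		const struct eraseblock_data *b = block_at(list, count, i, oob);
		if (!(b->start_addr >= start && b->end_addr <= end))
			break;
		i++;
	}
	return i;
}

/* Constructed layout: four 4 KiB sub-blocks covering 0x0000..0x3FFF. */
static const struct eraseblock_data sample_layout[] = {
	{ 0x0000, 0x0FFF }, { 0x1000, 0x1FFF }, { 0x2000, 0x2FFF }, { 0x3000, 0x3FFF },
};
#define SAMPLE_COUNT (sizeof sample_layout / sizeof sample_layout[0])

struct demo_result {
	size_t index;   /* index at which the loop stopped */
	bool oob;       /* whether an out-of-bounds read was attempted */
};

/* Run one ordering over the sample layout for the erase range [0, end]. */
struct demo_result run_demo(bool patched, uint32_t end)
{
	struct demo_result r = { 0, false };
	r.index = patched
		? count_subblocks_patched(sample_layout, SAMPLE_COUNT, 0, 0, end, &r.oob)
		: count_subblocks_unpatched(sample_layout, SAMPLE_COUNT, 0, 0, end, &r.oob);
	return r;
}

int main(void)
{
	/* Range covering the whole layout: only the pre-patch order reads past the end. */
	struct demo_result before = run_demo(false, 0x3FFF);
	struct demo_result after = run_demo(true, 0x3FFF);
	printf("full range:    unpatched stops at %zu (oob=%d), patched stops at %zu (oob=%d)\n",
	       before.index, before.oob, after.index, after.oob);

	/* Range covering only the first two blocks: both orders stay in bounds. */
	before = run_demo(false, 0x1FFF);
	after = run_demo(true, 0x1FFF);
	printf("partial range: unpatched stops at %zu (oob=%d), patched stops at %zu (oob=%d)\n",
	       before.index, before.oob, after.index, after.oob);
	return 0;
}
```

Both orderings stop at the same index, which is why the bug is invisible until the erase range reaches the last entry of the array; only then does the unpatched order touch `list[count]`, matching the report's `*sub_block_index == 2047` of `block_count == 2048`. Building the real code with `-fsanitize=address` would flag the same read at the original line instead of leaving it to a page-boundary-dependent segfault.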