diff options
author | John Crispin <john@openwrt.org> | 2014-01-21 09:51:16 +0000 |
---|---|---|
committer | John Crispin <john@openwrt.org> | 2014-01-21 09:51:16 +0000 |
commit | 384a662e05845226357fc77f782be768760b0cc7 (patch) | |
tree | 23fdd85ea6bb8848ec3fa280bdfa98dc16e7bd5b /package/kernel/lantiq/ltq-vdsl-fw/src | |
parent | 7ee639a81c2011c2baf00ed4c9a5fd0ac8c53355 (diff) | |
download | upstream-384a662e05845226357fc77f782be768760b0cc7.tar.gz upstream-384a662e05845226357fc77f782be768760b0cc7.tar.bz2 upstream-384a662e05845226357fc77f782be768760b0cc7.zip |
lantiq: fix unaligned access in vdsl firmware extractor
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 39356
Diffstat (limited to 'package/kernel/lantiq/ltq-vdsl-fw/src')
-rw-r--r-- | package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c b/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c index b26c91ec22..ad2e018512 100644 --- a/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c +++ b/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c @@ -43,7 +43,7 @@ #endif -const char* part_type(u_int32_t id) +const char* part_type(unsigned int id) { switch(id) { case MAGIC_ANNEX_B: @@ -58,8 +58,8 @@ const char* part_type(u_int32_t id) int main(int argc, char **argv) { struct stat s; - u_int8_t *buf_orig; - u_int32_t *buf; + unsigned char *buf_orig; + unsigned int *buf; int buflen; int fd; int i; @@ -83,7 +83,8 @@ int main(int argc, char **argv) } buf_orig = malloc(s.st_size); - if (!buf_orig) { + buf = malloc(s.st_size); + if (!buf_orig || !buf) { printf("Failed to alloc %d bytes\n", s.st_size); return -1; } @@ -94,6 +95,7 @@ int main(int argc, char **argv) return -1; } + buflen = read(fd, buf_orig, s.st_size); close(fd); if (buflen != s.st_size) { @@ -112,22 +114,21 @@ int main(int argc, char **argv) } buflen -= 3; memmove(&buf_orig[MAGIC_SZ], &buf_orig[MAGIC_SZ + 3], buflen - MAGIC_SZ); - /* </magic> */ - - buf = (u_int32_t*) buf_orig; + memcpy(buf, buf_orig, s.st_size); + /* </magic> */ do { if (buf[end] == MAGIC_PART) { end += 2; printf("Found partition at 0x%08X with size %d\n", - start * sizeof(u_int32_t), - (end - start) * sizeof(u_int32_t)); + start * sizeof(unsigned int), + (end - start) * sizeof(unsigned int)); if (buf[start] == MAGIC_LZMA) { int dest_len = 1024 * 1024; int len = buf[end - 3]; - u_int32_t id = buf[end - 6]; + unsigned int id = buf[end - 6]; const char *type = part_type(id); - u_int8_t *dest; + unsigned char *dest; dest = malloc(dest_len); if (!dest) { @@ -135,7 +136,7 @@ int main(int argc, char **argv) return -1; } - if (lzma_inflate((u_int8_t*)&buf[start], len, dest, &dest_len)) { + if (lzma_inflate((unsigned char*)&buf[start], len, dest, &dest_len)) { printf("Failed to decompress data\n"); return -1; } @@ -158,7 +159,7 @@ int main(int argc, char **argv) } else { end++; } - } while(end < buflen / sizeof(u_int32_t)); + } while(end < buflen / sizeof(unsigned int)); return 0; } |