aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel/lantiq/ltq-vdsl-fw/src
diff options
context:
space:
mode:
authorJohn Crispin <john@openwrt.org>2014-01-21 09:51:16 +0000
committerJohn Crispin <john@openwrt.org>2014-01-21 09:51:16 +0000
commit384a662e05845226357fc77f782be768760b0cc7 (patch)
tree23fdd85ea6bb8848ec3fa280bdfa98dc16e7bd5b /package/kernel/lantiq/ltq-vdsl-fw/src
parent7ee639a81c2011c2baf00ed4c9a5fd0ac8c53355 (diff)
downloadupstream-384a662e05845226357fc77f782be768760b0cc7.tar.gz
upstream-384a662e05845226357fc77f782be768760b0cc7.tar.bz2
upstream-384a662e05845226357fc77f782be768760b0cc7.zip
lantiq: fix unaligned access in vdsl firmware extractor
Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 39356
Diffstat (limited to 'package/kernel/lantiq/ltq-vdsl-fw/src')
-rw-r--r--package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c b/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c
index b26c91ec22..ad2e018512 100644
--- a/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c
+++ b/package/kernel/lantiq/ltq-vdsl-fw/src/w921v_fw_cutter.c
@@ -43,7 +43,7 @@
#endif
-const char* part_type(u_int32_t id)
+const char* part_type(unsigned int id)
{
switch(id) {
case MAGIC_ANNEX_B:
@@ -58,8 +58,8 @@ const char* part_type(u_int32_t id)
int main(int argc, char **argv)
{
struct stat s;
- u_int8_t *buf_orig;
- u_int32_t *buf;
+ unsigned char *buf_orig;
+ unsigned int *buf;
int buflen;
int fd;
int i;
@@ -83,7 +83,8 @@ int main(int argc, char **argv)
}
buf_orig = malloc(s.st_size);
- if (!buf_orig) {
+ buf = malloc(s.st_size);
+ if (!buf_orig || !buf) {
printf("Failed to alloc %d bytes\n", s.st_size);
return -1;
}
@@ -94,6 +95,7 @@ int main(int argc, char **argv)
return -1;
}
+
buflen = read(fd, buf_orig, s.st_size);
close(fd);
if (buflen != s.st_size) {
@@ -112,22 +114,21 @@ int main(int argc, char **argv)
}
buflen -= 3;
memmove(&buf_orig[MAGIC_SZ], &buf_orig[MAGIC_SZ + 3], buflen - MAGIC_SZ);
- /* </magic> */
-
- buf = (u_int32_t*) buf_orig;
+ memcpy(buf, buf_orig, s.st_size);
+ /* </magic> */
do {
if (buf[end] == MAGIC_PART) {
end += 2;
printf("Found partition at 0x%08X with size %d\n",
- start * sizeof(u_int32_t),
- (end - start) * sizeof(u_int32_t));
+ start * sizeof(unsigned int),
+ (end - start) * sizeof(unsigned int));
if (buf[start] == MAGIC_LZMA) {
int dest_len = 1024 * 1024;
int len = buf[end - 3];
- u_int32_t id = buf[end - 6];
+ unsigned int id = buf[end - 6];
const char *type = part_type(id);
- u_int8_t *dest;
+ unsigned char *dest;
dest = malloc(dest_len);
if (!dest) {
@@ -135,7 +136,7 @@ int main(int argc, char **argv)
return -1;
}
- if (lzma_inflate((u_int8_t*)&buf[start], len, dest, &dest_len)) {
+ if (lzma_inflate((unsigned char*)&buf[start], len, dest, &dest_len)) {
printf("Failed to decompress data\n");
return -1;
}
@@ -158,7 +159,7 @@ int main(int argc, char **argv)
} else {
end++;
}
- } while(end < buflen / sizeof(u_int32_t));
+ } while(end < buflen / sizeof(unsigned int));
return 0;
}