cfi_spansion_write_block() passes an arm_algorithm struct to
target_run_algorithm() which in turn calls armv7m_start_algorithm()
which expect an armv7m_algorithm struct.
As armv7m_algorithm is bigger than arm_algorithm, when
armv7m_start_algorithm() writes in the struct, it overrun the buffer,
writting junk on the stack, which latter on generates a segfault.
This patch ensure we use a properly sized armv7m_algorithm struct
when the target is an armv7m.
Change-Id: I4ab67c15ae4bb72454414a81b92a4231dcdb2239
Signed-off-by: Aurelien Jacobs <aurel@gnuage.org>
Reviewed-on: http://openocd.zylin.com/623
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
struct target *target = bank->target;
struct reg_param reg_params[10];
struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
struct target *target = bank->target;
struct reg_param reg_params[10];
- struct arm_algorithm arm_algo;
+ struct arm_algorithm *arm_algo;
+ struct arm_algorithm armv4_5_algo;
+ struct armv7m_algorithm armv7m_algo;
struct working_area *source;
uint32_t buffer_size = 32768;
uint32_t status;
struct working_area *source;
uint32_t buffer_size = 32768;
uint32_t status;
return cfi_spansion_write_block_mips(bank, buffer, address, count);
if (is_armv7m(target_to_armv7m(target))) { /* Cortex-M3 target */
return cfi_spansion_write_block_mips(bank, buffer, address, count);
if (is_armv7m(target_to_armv7m(target))) { /* Cortex-M3 target */
- arm_algo.common_magic = ARMV7M_COMMON_MAGIC;
- arm_algo.core_mode = ARMV7M_MODE_HANDLER;
- arm_algo.core_state = ARM_STATE_ARM;
+ armv7m_algo.common_magic = ARMV7M_COMMON_MAGIC;
+ armv7m_algo.core_mode = ARMV7M_MODE_HANDLER;
+ arm_algo = (struct arm_algorithm *)&armv7m_algo;
} else if (is_arm(target_to_arm(target))) {
/* All other ARM CPUs have 32 bit instructions */
} else if (is_arm(target_to_arm(target))) {
/* All other ARM CPUs have 32 bit instructions */
- arm_algo.common_magic = ARM_COMMON_MAGIC;
- arm_algo.core_mode = ARM_MODE_SVC;
- arm_algo.core_state = ARM_STATE_ARM;
+ armv4_5_algo.common_magic = ARM_COMMON_MAGIC;
+ armv4_5_algo.core_mode = ARM_MODE_SVC;
+ armv4_5_algo.core_state = ARM_STATE_ARM;
+ arm_algo = &armv4_5_algo;
} else {
LOG_ERROR("Unknown architecture");
return ERROR_FAIL;
} else {
LOG_ERROR("Unknown architecture");
return ERROR_FAIL;
switch (bank->bus_width) {
case 1:
switch (bank->bus_width) {
case 1:
- if (arm_algo.common_magic != ARM_COMMON_MAGIC) {
+ if (arm_algo->common_magic != ARM_COMMON_MAGIC) {
LOG_ERROR("Unknown ARM architecture");
return ERROR_FAIL;
}
LOG_ERROR("Unknown ARM architecture");
return ERROR_FAIL;
}
case 2:
/* Check for DQ5 support */
if (cfi_info->status_poll_mask & (1 << 5)) {
case 2:
/* Check for DQ5 support */
if (cfi_info->status_poll_mask & (1 << 5)) {
- if (arm_algo.common_magic == ARM_COMMON_MAGIC) {/* armv4_5 target */
+ if (arm_algo->common_magic == ARM_COMMON_MAGIC) {/* armv4_5 target */
target_code_src = armv4_5_word_16_code;
target_code_size = sizeof(armv4_5_word_16_code);
target_code_src = armv4_5_word_16_code;
target_code_size = sizeof(armv4_5_word_16_code);
- } else if (arm_algo.common_magic == ARMV7M_COMMON_MAGIC) { /*
+ } else if (arm_algo->common_magic == ARMV7M_COMMON_MAGIC) { /*
}
} else {
/* No DQ5 support. Use DQ7 DATA# polling only. */
}
} else {
/* No DQ5 support. Use DQ7 DATA# polling only. */
- if (arm_algo.common_magic != ARM_COMMON_MAGIC) {
+ if (arm_algo->common_magic != ARM_COMMON_MAGIC) {
LOG_ERROR("Unknown ARM architecture");
return ERROR_FAIL;
}
LOG_ERROR("Unknown ARM architecture");
return ERROR_FAIL;
}
- if (arm_algo.common_magic != ARM_COMMON_MAGIC) {
+ if (arm_algo->common_magic != ARM_COMMON_MAGIC) {
LOG_ERROR("Unknown ARM architecture");
return ERROR_FAIL;
}
LOG_ERROR("Unknown ARM architecture");
return ERROR_FAIL;
}
retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
cfi_info->write_algorithm->address,
cfi_info->write_algorithm->address + ((target_code_size) - 4),
retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
cfi_info->write_algorithm->address,
cfi_info->write_algorithm->address + ((target_code_size) - 4),
if (retval != ERROR_OK)
break;
if (retval != ERROR_OK)
break;
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)