Re: [PATCH] use of uninitialized stack buffer in crl bootldr

From: Michal Panczyk <mpanczyk_at_gmail.com>
Date: Tue, 06 May 2008 09:46:40 -0000

Yann,

On Tue, Apr 29, 2008 at 10:20 PM, Yann Dirson <ydirson_at_altern.org> wrote:
> Hi all,
>
> While trying to boot a kernel loaded through ymodem in my h3950, I was
> hit by this problem: the kernel gets a garbage parameter inserted in
> command-line after parameters from the "linuxargs" setting.
>
> Quite upsettingly, it did not occur at first for a couple of
> unsuccessful boots panicking for a rootfs, but only after I
> successfully booted using an initrd (which is surely what it got
> previously unnoticed). After that boot I consistently got a garbage
> parameter added by bootldr after my args.
>
> It took me to dive into the code to find the cause: the use of
> uninitialized stack buffer in command_boot_addr, which also occurs in
> command_boot_flash.
>
> For those without a jtag at hand not willing to risk bricking their
> ipaq, there is fortunately a workaround to this: run "boot jffs2" or
> "boot jffs" (so the buffer gets reset), but with a rootfs linux won't
> find (so the buffer does not get overwritten again by the running OS).
>
> Here is a patch - which I could not test because of lack of a jtag
> probe. It is the trivial port of the same fix already in
> command_boot_(jffs|jffs2).
>
> I don't know if anyone still commits any fixes to the bootldr cvs
> these days. If anyone would have a suitable jtag hardware to donate,
> I'd be glad to test this, and maybe dive into other things for this
> hardware.
>
> Best regards,
> --
> Yann.
> _______________________________________________
> Kernel-bugs mailing list
> Kernel-bugs_at_handhelds.org
> https://www.handhelds.org/mailman/listinfo/kernel-bugs
>

I have not found any patch attached to your mail - could you resend
it and cc it to me?
I would like to have a look at it. Garbage after linuxargs was a
problem with initramfs kernel booting on h5000.
Personally I don't think that anyone is willing to touch the bootldr
sources... It is old, unmaintained etc... But I would like to know
what is going on....
If you could post some output with the garbage - I would be grateful too....

-- 
Best regards
Michal Panczyk
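The following is an added illustration of the failure mode Yann describes (a stack buffer that is filled with the linuxargs text but never cleared, so whatever an earlier boot attempt left behind in the same stack slot is read as extra parameters), placed beside the fixed shape. It is not bootldr's code: the function names, the "copy without a terminator" shape of the bug, and the stale contents are assumptions chosen only to reproduce the symptom deterministically. Real uninitialized stack contents are whatever the previous caller left, which is why the garbage only appeared after a successful initrd boot.

```c
#include <stdio.h>
#include <string.h>

#define CMDLINE_MAX 128

/* Constructed stand-in for stale bytes a previous boot attempt left in the
 * same stack slot. Assumed content, not anything observed on a real h3950. */
static const char STALE_STACK[] = "root=/dev/ram0 init=/linuxrc";

/* Simulate entering the boot command: the local buffer starts out holding
 * the stale contents. Non-NUL filler ensures nothing terminates it by luck;
 * the final NUL keeps this demo itself well-defined. */
static void enter_with_stale(char *buf, size_t n)
{
    memset(buf, 'X', n);
    memcpy(buf, STALE_STACK, sizeof STALE_STACK);
    buf[n - 1] = '\0';
}

/* Buggy shape (assumed): copies the user's args into the uncleared buffer
 * without a terminator, so the kernel sees args followed by stale bytes. */
static void build_cmdline_buggy(char *buf, const char *linuxargs)
{
    memcpy(buf, linuxargs, strlen(linuxargs));
}

/* Fixed shape: zero the whole buffer before use, then bound the copy so the
 * tail is always NUL regardless of what the stack held before. */
static void build_cmdline_fixed(char *buf, size_t n, const char *linuxargs)
{
    memset(buf, 0, n);
    size_t len = strlen(linuxargs);
    if (len >= n)
        len = n - 1;
    memcpy(buf, linuxargs, len);
}

/* Returns the command line the kernel would actually receive.
 * fixed == 0 uses the buggy path, anything else the fixed one. */
const char *demo_cmdline(int fixed, const char *linuxargs)
{
    static char buf[CMDLINE_MAX];
    enter_with_stale(buf, sizeof buf);
    if (fixed)
        build_cmdline_fixed(buf, sizeof buf, linuxargs);
    else
        build_cmdline_buggy(buf, linuxargs);
    return buf;
}

int main(void)
{
    const char *args = "console=ttySA0";
    printf("buggy: \"%s\"\n", demo_cmdline(0, args));
    printf("fixed: \"%s\"\n", demo_cmdline(1, args));
    return 0;
}
```

With the constructed stale contents, the buggy path yields "console=ttySA0 init=/linuxrc": the user's args followed by a leftover parameter, which is exactly the "garbage after linuxargs" symptom. The fixed path yields "console=ttySA0" alone. Zeroing the buffer on entry is the same one-line fix that the quoted mail says command_boot_jffs and command_boot_jffs2 already carry.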
Received on Tue May 06 2008 - 05:46:40 EDT

This archive was generated by hypermail 2.2.0 : Thu May 22 2008 - 10:02:41 EDT