Rockbox

Tasklist

FS#9422 - segv when directory selected for iriver firmware

Attached to Project: Rockbox
Opened by Jon Burgess (jburgess777) - Friday, 26 September 2008, 23:32 GMT
Last edited by Dominik Riebeling (bluebrother) - Sunday, 28 September 2008, 21:13 GMT
Task Type Bugs
Category Rbutil
Status Closed
Assigned To No-one
Operating System Iriver H100 series
Severity Low
Priority Normal
Reported Version Daily build (which?)
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

When I first tried out the rbutil firmware loader I mistakenly selected the directory containing ihp_120.hex instead of the firmware file itself. This then caused a segv.

Running in GDB shows...

Program received signal SIGSEGV, Segmentation fault.
0x000000000047ea6a in md5_process (ctx=0x7fff25f229b0, data=0x7fff25f25ff0 "butilqt") at irivertools/md5sum.cpp:81
81 GET_UINT32( X[4], data, 16 );
Missing separate debuginfos, use: debuginfo-install OpenEXR.x86_64 bzip2.x86_64 fontconfig.x86_64 freetype.x86_64 gcc.x86_64 glib2.x86_64 ilmbase.x86_64 jasper.x86_64 kdebase-runtime.x86_64 kdelibs.x86_64 keyutils.x86_64 lcms.x86_64 libSM.x86_64 libXcursor.x86_64 libXext.x86_64 libXfixes.x86_64 libXft.x86_64 libXi.x86_64 libXinerama.x86_64 libXpm.x86_64 libXrandr.x86_64 libXrender.x86_64 libXtst.x86_64 libcap.x86_64 libjpeg.x86_64 libmng.x86_64 libpng.x86_64 libselinux.x86_64 libtiff.x86_64 libusb.x86_64 libxcb.x86_64 qt.x86_64
(gdb) bt
#0 0x000000000047ea6a in md5_process (ctx=0x7fff25f229b0, data=0x7fff25f25ff0 "butilqt") at irivertools/md5sum.cpp:81
#1 0x000000000048044e in md5_update (ctx=0x7fff25f229b0, input=0x7fff25f25ff0 "butilqt", length=18446744073709504959) at irivertools/md5sum.cpp:226
#2 0x0000000000480763 in FileMD5 (name=
{static null = {<No data fields>}, static shared_null = {ref = {_q_value = 1230}, alloc = 0, size = 0, data = 0x75269a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 9}, alloc = 0, size = 0, data = 0x3f674270fa, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x7fff25f22ad0, static codecForCStrings = 0x0}, md5=0x7fff25f22aa0 "") at irivertools/md5sum.cpp:286
#3 0x000000000045a4d9 in BootloaderInstaller::iriverPrepare (this=0x1249d00) at installbootloader.cpp:1238
...
(gdb) up
#1 0x000000000048044e in md5_update (ctx=0x7fff25f229b0, input=0x7fff25f25ff0 "butilqt", length=18446744073709504959) at irivertools/md5sum.cpp:226
226 md5_process( ctx, input );
(gdb) up
#2 0x0000000000480763 in FileMD5 (name=
{static null = {<No data fields>}, static shared_null = {ref = {_q_value = 1230}, alloc = 0, size = 0, data = 0x75269a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 9}, alloc = 0, size = 0, data = 0x3f674270fa, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x7fff25f22ad0, static codecForCStrings = 0x0}, md5=0x7fff25f22aa0 "") at irivertools/md5sum.cpp:286
286 md5_update(&ctx, block, read);
(gdb) l
281 return 0;
282 }
283 md5_starts(&ctx);
284 while ( !file.atEnd() ) {
285 read = file.read((char*)block, sizeof(block));
286 md5_update(&ctx, block, read);
287 }
(gdb) p read
$5 = -1

==> It seems the crash is caused because there is no check for the read on line 285 returning an error (-1).
This task depends upon

Closed by  Dominik Riebeling (bluebrother)
Sunday, 28 September 2008, 21:13 GMT
Reason for closing:  Out of Date
Additional comments about closing:  Bootloader installation has been completely reworked (just got committed today). Therefore the offending code has been removed. Thanks for reporting nevertheless.

Loading...