Fixed
Created: Nov 19, 2019
Updated: Feb 11, 2020
Resolved Date: Dec 15, 2019
Found In Version: 10.18.44.9
Fix Version: 10.18.44.14
Severity: Severe
Applicable for: Wind River Linux LTS 18
Component/s: BSP
A difference between WRL8 and WRL LTS18 in how the read function
(ssize_t read(int fd, void *buf, size_t count)) accesses their hwdb.db file.
After reading the struct values:
* in WRL8 it had 4 bytes
* in LTS18 it has 2 bytes.
Later, the network-to-host conversion of totalsize yields a very large number, which is passed to malloc and results in a crash:
struct dt_blob_header {
    uint32_t magic;
    uint32_t totalsize;
    uint32_t off_dt_struct; /* offset to structure */
    uint32_t off_dt_strings; /* offset to strings */
    uint32_t off_mem_rsvmap; /* offset to memory rsv map */
    uint32_t version;
    uint32_t last_comp_version; /* last compatible version */
    uint32_t boot_cpuid_phys;
    uint32_t dt_strings_size; /* size of the DT strings block */
};
struct dt_blob_header head;
read(fd, &head, head_len);
lseek(fd, 0L, SEEK_SET);
WRL LTS18:
uint32_t magic              60926 --> EDFE
uint32_t totalsize          112 --> 70
uint32_t off_dt_struct      14337 --> 3801
uint32_t off_dt_strings     102 --> 66
uint32_t off_mem_rsvmap     10240 --> 2800
uint32_t version            4352 --> 1100
uint32_t last_comp_version  4096 --> 1000
uint32_t boot_cpuid_phys    0
Depends on the flash type. The customer board uses s25fl512s and n25q512a13; they are dual mode.
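A defensive version of the header read shown above, as an added example (not Wind River's fix and not code from the original report): it checks how many bytes read() actually delivered, then validates magic and totalsize against the file size before the value could reach malloc. DT_MAGIC, read_full, dt_checked_totalsize and demo are hypothetical names, and the magic value assumes hwdb.db uses the standard flattened-device-tree header.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define DT_MAGIC 0xd00dfeedu /* assumption: standard FDT magic, not stated in the report */
struct dt_blob_header {
    uint32_t magic, totalsize, off_dt_struct, off_dt_strings, off_mem_rsvmap;
    uint32_t version, last_comp_version, boot_cpuid_phys, dt_strings_size;
};

/* read() may legally return fewer bytes than asked; loop until len, EOF or error. */
static ssize_t read_full(int fd, void *buf, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, (char *)buf + got, len - got);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break; /* EOF before the full header arrived */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Returns a totalsize that is safe to hand to malloc(), or 0 if the header is bad. */
uint32_t dt_checked_totalsize(int fd) {
    struct dt_blob_header head;
    struct stat st;
    if (read_full(fd, &head, sizeof head) != (ssize_t)sizeof head) return 0;
    if (ntohl(head.magic) != DT_MAGIC) return 0;
    uint32_t total = ntohl(head.totalsize);
    if (fstat(fd, &st) != 0 || total < sizeof head || total > (uint64_t)st.st_size) return 0;
    return lseek(fd, 0L, SEEK_SET) == 0 ? total : 0;
}

/* Constructed input: an unlinked temp file of file_len bytes that starts with a header. */
uint32_t demo(uint32_t magic, uint32_t totalsize, size_t file_len) {
    char path[] = "/tmp/dtblobXXXXXX", buf[256] = {0};
    struct dt_blob_header h = { .magic = htonl(magic), .totalsize = htonl(totalsize) };
    int fd = file_len <= sizeof buf ? mkstemp(path) : -1;
    if (fd < 0) return 0;
    unlink(path);
    memcpy(buf, &h, sizeof h);
    uint32_t r = write(fd, buf, file_len) == (ssize_t)file_len &&
                 lseek(fd, 0L, SEEK_SET) == 0 ? dt_checked_totalsize(fd) : 0;
    close(fd);
    return r;
}
```

A caller allocates only when the returned value is non-zero, so a misread header such as magic EDFE or a byte-swapped totalsize is rejected instead of sizing an allocation.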