From 382f727be337d283aeeaf9d3fffd765f29a25752 Mon Sep 17 00:00:00 2001
From: Kostas Missos
Date: Thu, 23 Aug 2018 04:37:02 +0300
Subject: [PATCH] Fix all the bugs
- Mem leaks
- Stack corruption
- Div by 0
- Double frees
---
bootloader/config/config.c | 4 ++--
bootloader/config/ini.c | 9 +++++----
bootloader/main.c | 18 ++++++++++--------
bootloader/sec/se.c | 3 +++
bootloader/soc/clock.c | 3 ++-
bootloader/soc/i2c.c | 2 +-
bootloader/storage/sdmmc.c | 4 ++++
bootloader/utils/dirlist.c | 4 ++++
8 files changed, 31 insertions(+), 16 deletions(-)
diff --git a/bootloader/config/config.c b/bootloader/config/config.c
index 3312028..9ae7cdd 100644
--- a/bootloader/config/config.c
+++ b/bootloader/config/config.c
@@ -213,7 +213,7 @@ void _config_autoboot_list()
 }
 else
 {
- EPRINTF("Could not find or open 'hekate_ipl.ini'.\nMake sure it exists in SD Card!.");
+ EPRINTF("Could not open 'bootloader/hekate_ipl.ini'.\nMake sure it exists in SD Card!.");
 goto out;
 }
 }
@@ -335,7 +335,7 @@ void config_autoboot()
 }
 else
 {
- EPRINTF("Could not find or open 'hekate_ipl.ini'.\nMake sure it exists in SD Card!.");
+ EPRINTF("Could not open 'bootloader/hekate_ipl.ini'.\nMake sure it exists in SD Card!.");
 goto out;
 }
 }
diff --git a/bootloader/config/ini.c b/bootloader/config/ini.c
index 1388458..7017937 100644
--- a/bootloader/config/ini.c
+++ b/bootloader/config/ini.c
@@ -152,7 +152,7 @@ int ini_parse(link_t *dst, char *ini_path, bool is_dir)
 csec->name = NULL;
 csec->type = INI_NEWLINE;
 }
- else if (csec->type == INI_CHOICE) //Extract key/value.
+ else if (csec && csec->type == INI_CHOICE) //Extract key/value.
 {
 u32 i;
 for (i = 0; i < lblen && lbuf[i] != '\n' && lbuf[i] != '='; i++)
@@ -181,7 +181,7 @@ int ini_parse(link_t *dst, char *ini_path, bool is_dir)
 void ini_free(link_t *dst)
 {
- if (dst == NULL)
+ if (!dst->prev || !dst->next)
 return;
 LIST_FOREACH_ENTRY(ini_sec_t, ini_sec, dst, link)
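Review bot: ini_free now dereferences `dst` before any check, because `if (!dst->prev || !dst->next)` replaces the old `if (dst == NULL)` guard instead of extending it, so a NULL argument that the previous version tolerated now faults inside the bootloader. Keep both conditions: `if (!dst || !dst->prev || !dst->next)` followed by `return;`. Whether NULL links reliably identify a list that never went through list_init depends on list_init itself, which is outside this hunk, so that reading is worth confirming. The body of ini_free continues past the end of the hunk.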
@@ -196,10 +196,11 @@ void ini_free(link_t *dst)
 }
 }
 free(ini_sec->name);
- free(ini_sec);
+ //TODO: Free section structs.
+ //free(ini_sec);
 }
- dst = NULL;
+ list_init(dst);
 }
 ini_sec_t *ini_clone_section(ini_sec_t *cfg)
diff --git a/bootloader/main.c b/bootloader/main.c
index 0be4783..977cab4 100644
--- a/bootloader/main.c
+++ b/bootloader/main.c
@@ -568,6 +568,7 @@ void print_mmc_info()
 card_type = storage.ext_csd.card_type;
 u8 card_type_support[96];
 u8 pos_type = 0;
+ card_type_support[0] = 0;
 if (card_type & EXT_CSD_CARD_TYPE_HS_26)
 {
 memcpy(card_type_support, "HS26", 4);
@@ -1196,7 +1197,6 @@ int dump_emmc_part(char *sd_path, sdmmc_storage_t *storage, emmc_part_t *part)
 {
 EPRINTF("\nPress any key and try again...\n");
- free(buf);
 return 0;
 }
 else
@@ -1451,7 +1451,6 @@ int restore_emmc_part(char *sd_path, sdmmc_storage_t *storage, emmc_part_t *part
 {
 EPRINTF("\nPress any key and try again...\n");
- free(buf);
 return 0;
 }
 else
@@ -1831,7 +1830,11 @@ void launch_tools(u8 type)
 free(filelist);
 }
 else
+ {
+ free(ments);
 goto out;
+ }
+
 if (file_sec)
 {
@@ -1918,7 +1921,7 @@ void ini_list_launcher()
 else
 EPRINTF("No ini configurations found.");
 free(ments);
- //ini_free(&ini_list_sections); // This breaks hos_launch config parsing.
+ ini_free(&ini_list_sections);
 }
 else
 EPRINTF("Could not find any ini\nin bootloader/ini folder!");
@@ -2026,7 +2029,7 @@ void launch_firmware()
 ini_free(&ini_sections);
 }
 else
- EPRINTF("Could not find or open 'hekate_ipl.ini'.\nMake sure it exists in SD Card!");
+ EPRINTF("Could not open 'bootloader/hekate_ipl.ini'.\nMake sure it exists in SD Card!");
 }
 if (!cfg_sec)
@@ -2047,11 +2050,11 @@ void launch_firmware()
 if (payload_path)
 {
 ini_free_section(cfg_sec);
- //if (launch_payload(payload_path, false))
- //{
+ if (launch_payload(payload_path, false))
+ {
 EPRINTF("Failed to launch payload.");
 free(payload_path);
- //}
+ }
 }
 else if (!hos_launch(cfg_sec))
 EPRINTF("Failed to launch firmware.");
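Review bot: With `free(ini_sec)` commented out, every section struct that was parsed into the list now leaks on each ini_free call, which works against the memory-leak fix this commit describes, and the TODO does not record why the free had to go. If the reason is that LIST_FOREACH_ENTRY reads `ini_sec->link` after the loop body (so freeing inside it was a use-after-free, presumably the "double free" in the title), the fix is to capture the next link before releasing the struct rather than to leak it: walk the list with a saved next pointer, free the name and then the struct, and only then call `list_init(dst)`; the exact shape depends on list.h, which is not visible here. Replacing `dst = NULL` with `list_init(dst)` is right, since assigning the parameter never affected the caller's list. The loop header and the start of ini_free lie outside this hunk.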
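Review bot: Dropping `free(buf)` before `return 0` in dump_emmc_part is only correct if that same failure path releases `buf` somewhere not shown here; the hunk shows neither the allocation nor any later free, so if the title's "double free" refers to a release elsewhere on this path that is fine, otherwise this early return now leaks the sector buffer. The same removal appears in restore_emmc_part at @@ -1451. A one-line comment at the return, such as `// buf is released at the common exit path` (or whichever owner applies), would make the ownership visible to the next reader. Both functions start and end outside their hunks.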
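Review bot: Re-enabling `ini_free(&ini_list_sections)` is safe only because ini_free in this same commit stops freeing the section structs; the removed comment said this call "breaks hos_launch config parsing", which suggests an entry selected from this list is still used afterwards, and that use-after-free is now masked by the leak rather than fixed. Confirm that nothing dereferences an entry of ini_list_sections after this line (the function body continues outside the hunk) and record the constraint, e.g. `// ini_list_sections entries must not be used after this point.`, so that restoring the struct free in ini_free later does not reintroduce the fault.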
@@ -2260,7 +2263,6 @@ void auto_launch_firmware()
 BOOTLOGO = (void *)malloc(0x4000);
 blz_uncompress_srcdest(BOOTLOGO_BLZ, SZ_BOOTLOGO_BLZ, BOOTLOGO, SZ_BOOTLOGO);
 gfx_set_rect_grey(&gfx_ctxt, BOOTLOGO, X_BOOTLOGO, Y_BOOTLOGO, 326, 544);
- free(BOOTLOGO);
 }
 free(BOOTLOGO);
diff --git a/bootloader/sec/se.c b/bootloader/sec/se.c
index 7a58220..3578c21 100644
--- a/bootloader/sec/se.c
+++ b/bootloader/sec/se.c
@@ -105,6 +105,9 @@ static int _se_execute(u32 op, void *dst, u32 dst_size, const void *src, u32 src
 static int _se_execute_one_block(u32 op, void *dst, u32 dst_size, const void *src, u32 src_size)
 {
+ if (!src || !dst)
+ return 0;
+
 u8 *block = (u8 *)malloc(0x10);
 memset(block, 0, 0x10);
diff --git a/bootloader/soc/clock.c b/bootloader/soc/clock.c
index 1d461da..3b20f8c 100644
--- a/bootloader/soc/clock.c
+++ b/bootloader/soc/clock.c
@@ -336,7 +336,8 @@ static int _clock_sdmmc_config_clock_source_inner(u32 *pout, u32 id, u32 val)
 divisor = 2;
 break;
 default:
- return 0;
+ *pout = 24728;
+ divisor = 31;
 }
 _clock_sdmmc_table[2 * id] = val;
diff --git a/bootloader/soc/i2c.c b/bootloader/soc/i2c.c
index ab27170..255e372 100644
--- a/bootloader/soc/i2c.c
+++ b/bootloader/soc/i2c.c
@@ -129,7 +129,7 @@ int i2c_send_byte(u32 idx, u32 x, u32 y, u8 b)
 u8 i2c_recv_byte(u32 idx, u32 x, u32 y)
 {
- u8 tmp;
+ u8 tmp = 0;
 i2c_recv_buf_small(&tmp, 1, idx, x, y);
 return tmp;
 }
diff --git a/bootloader/storage/sdmmc.c b/bootloader/storage/sdmmc.c
index 2af73b6..20e3119 100644
--- a/bootloader/storage/sdmmc.c
+++ b/bootloader/storage/sdmmc.c
@@ -1085,7 +1085,11 @@ int sdmmc_storage_init_sd(sdmmc_storage_t *storage, sdmmc_t *sdmmc, u32 id, u32
 u8 *buf = (u8 *)malloc(512);
 if (!_sd_storage_get_scr(storage, buf))
+ {
+ free(buf);
 return 0;
+ }
+
 //gfx_hexdump(&gfx_con, 0, storage->raw_scr, 8);
 DPRINTF("[SD] got scr\n");
diff --git a/bootloader/utils/dirlist.c b/bootloader/utils/dirlist.c
index 5c01cd9..0dac3d2 100644
--- a/bootloader/utils/dirlist.c
+++ b/bootloader/utils/dirlist.c
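Review bot: The new guard `if (!src || !dst) return 0;` in _se_execute_one_block leaves the `malloc(0x10)` directly below it unchecked, so an allocation failure still reaches `memset(block, 0, 0x10)` with a NULL pointer; add `if (!block) return 0;` after the malloc so both precondition failures are reported the same way. Since callers are now told "failure" for NULL buffers, any caller that ignores the return value proceeds with an unwritten dst, which is worth checking at the call sites (outside this hunk). The rest of the function, including how block is released, is outside the hunk; if block is filled from src, clearing it before free would keep copied data from lingering on the heap.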
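Review bot: The default branch of _clock_sdmmc_config_clock_source_inner now silently programs `*pout = 24728; divisor = 31;` for an unrecognised `val` instead of reporting failure, and the following line still records the requested `val` in `_clock_sdmmc_table[2 * id]`, so the cached entry no longer matches what was actually applied; if that table is consulted on later calls (outside this hunk), an unsupported rate may afterwards appear to be already in effect. The two literals need a comment stating which supported rate they stand for and why it is the chosen fallback, e.g. `// Unknown val: fall back to <documented safe rate> rather than leave divisor unset`, or better a named constant beside the other cases. If the earlier `return 0` led to a division by zero in the caller, the missing return-value check there is the root cause and remains worth fixing independently of this fallback.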
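Review bot: `u8 tmp = 0;` removes the uninitialised read in i2c_recv_byte, but the result of `i2c_recv_buf_small(&tmp, 1, idx, x, y)` is still discarded, so a failed transfer now yields 0 and callers cannot distinguish it from a genuine 0x00 register value. If i2c_recv_buf_small reports success through its return value (not visible here), either propagate that or document the ambiguity on the function, e.g. `// Returns 0 both for a 0x00 byte and for a failed transfer.`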
@@ -53,7 +53,11 @@ char *dirlist(char *directory)
 f_closedir(&dir);
 }
 else
+ {
+ free(temp);
+ free(dir_entries);
 return NULL;
+ }
 for (i = 0; i < k - 1 ; i++)
 {