[U-Boot-Users] WARNING: in 440gx_enet.c

[U-Boot-Users] WARNING: in 440gx_enet.c

[Roberts, John]

U-Boot 1.1.2
In function: int ppc_440x_eth_initialize (bd_t * bis)

This function malloc's a data structures

		/* Allocate our private use data */
		hw = (EMAC_440GX_HW_PST) malloc (sizeof (EMAC_440GX_HW_ST));

Later in function: static int ppc_440x_eth_init (struct eth_device *dev,
bd_t * bis)

	/* Free "old" buffers */
	if (hw_p->alloc_tx_buf)
		free (hw_p->alloc_tx_buf);
	if (hw_p->alloc_rx_buf)
		free (hw_p->alloc_rx_buf);


The first time through, the code assumes hw_p->alloc_tx_buf and
hw_p->alloc_rx_buf will be zero. A malloc doesn't guarantee that and the
variables are never initialized to zero. If the malloc'd memory is all "F"s
you end up with : free(0xFFFFFFFF); Or it may be any random non-zero value
you try to free.

I added a memset after the malloc to init the struct to zero. I suppose
replacing the malloc with calloc will do the trick as well.

-John Roberts

[U-Boot-Users] PATCH fix 440gx_enet.c driver was: WARNING: in 440gx_enet.c

[Travis B. Sawyer]

Roberts, John wrote:
> U-Boot 1.1.2
> In function: int ppc_440x_eth_initialize (bd_t * bis)
> 
> This function malloc's a data structures
> 
> 		/* Allocate our private use data */
> 		hw = (EMAC_440GX_HW_PST) malloc (sizeof (EMAC_440GX_HW_ST));
> 
> Later in function: static int ppc_440x_eth_init (struct eth_device *dev,
> bd_t * bis)
> 
> 	/* Free "old" buffers */
> 	if (hw_p->alloc_tx_buf)
> 		free (hw_p->alloc_tx_buf);
> 	if (hw_p->alloc_rx_buf)
> 		free (hw_p->alloc_rx_buf);
> 
> 
> The first time through, the code assumes hw_p->alloc_tx_buf and
> hw_p->alloc_rx_buf will be zero. A malloc doesn't guarantee that and the
> variables are never initialized to zero. If the malloc'd memory is all "F"s
> you end up with : free(0xFFFFFFFF); Or it may be any random non-zero value
> you try to free.
> 
> I added a memset after the malloc to init the struct to zero. I suppose
> replacing the malloc with calloc will do the trick as well.

(file) 405gp_enet.c 	 1.11 	 11 months 	 stroese 	 Fix bug in 405 
ethernet driver; allocated data not cleared!

Hmmm... Looks like I let that slip by when Stefan updated the 405
ethernet driver and I didn't update the 440 version.


CHANGELOG:
* Patch by Travis Sawyer, 10 June 2005:
   Initialize allocated dev and private hw structures
   after their respective allocation in 440gx_enet.c

Patch is attached...


Thanx

Travis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 440gx_enet_malloc.patch
Type: text/x-patch
Size: 685 bytes
Desc: not available
Url : http://lists.denx.de/pipermail/u-boot/attachments/20050610/c6f63e86/attachment.bin 

[U-Boot-Users] PATCH fix 440gx_enet.c driver was: WARNING: in 440gx_enet.c

[Wolfgang Denk]

In message <42A98FAB.7010305@sandburst.com> you wrote:
> 
> CHANGELOG:
> * Patch by Travis Sawyer, 10 June 2005:
>    Initialize allocated dev and private hw structures
>    after their respective allocation in 440gx_enet.c

Thanks. Checked in locally. Will push to publich CVS asap.

Best regards,

Wolfgang Denk

-- 
Software Engineering:  Embedded and Realtime Systems,  Embedded Linux
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Hi there! This is just a note from me, to you, to tell you, the  per-
son  reading this note, that I can't think up any more famous quotes,
jokes, nor bizarre stories, so you may as well go home.