env: fix potential stack overflow in environment functions

Most of the various environment functions create CONFIG_ENV_SIZE buffers on the stack. At least on ARM and PPC which have 4KB stacks, this can overflow the stack if we have large environment sizes. So move all the buffers off the stack to static buffers. Signed-off-by: Rob Herring <rob.herring@calxeda.com>
2025-11-02 03:17:29 +01:00 · 2013-03-22 11:26:21 +00:00
parent c17b94ec5e
commit 60d7d5a631
8 changed files with 74 additions and 63 deletions
--- a/common/env_dataflash.c
+++ b/common/env_dataflash.c
@@ -30,6 +30,7 @@ DECLARE_GLOBAL_DATA_PTR;
 env_t *env_ptr;

 char *env_name_spec = "dataflash";
+static char env_buf[CONFIG_ENV_SIZE];

 uchar env_get_char_spec(int index)
 {
@@ -42,11 +43,9 @@ uchar env_get_char_spec(int index)

 void env_relocate_spec(void)
 {
-	char buf[CONFIG_ENV_SIZE];
+	read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, env_buf);

-	read_dataflash(CONFIG_ENV_ADDR, CONFIG_ENV_SIZE, buf);
-
-	env_import(buf, 1);
+	env_import(env_buf, 1);
 }

 #ifdef CONFIG_ENV_OFFSET_REDUND
@@ -55,20 +54,20 @@ void env_relocate_spec(void)

 int saveenv(void)
 {
-	env_t	env_new;
+	env_t	*env_new = (env_t *)env_buf;
 	ssize_t	len;
 	char	*res;

-	res = (char *)&env_new.data;
+	res = (char *)env_new->data;
 	len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
 	if (len < 0) {
 		error("Cannot export environment: errno = %d\n", errno);
 		return 1;
 	}
-	env_new.crc = crc32(0, env_new.data, ENV_SIZE);
+	env_new->crc = crc32(0, env_new->data, ENV_SIZE);

 	return write_dataflash(CONFIG_ENV_ADDR,
-				(unsigned long)&env_new,
+				(unsigned long)env_new,
 				CONFIG_ENV_SIZE);
 }