From 9d41a098d70dd9b38b7a136ffb92bb815005670b Mon Sep 17 00:00:00 2001 From: Konstantin Kondrashov Date: Thu, 28 Nov 2024 15:47:18 +0200 Subject: [PATCH 1/3] fix(esp_system): Fix structurally dead code in esp_ipc.c ipc_task --- components/esp_system/esp_ipc.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/components/esp_system/esp_ipc.c b/components/esp_system/esp_ipc.c index 0cbcfc41d0..84d9e2195b 100644 --- a/components/esp_system/esp_ipc.c +++ b/components/esp_system/esp_ipc.c @@ -89,12 +89,6 @@ static void IRAM_ATTR ipc_task(void* arg) } #endif // !CONFIG_FREERTOS_UNICORE } - // TODO: currently this is unreachable code. Introduce esp_ipc_uninit - // function which will signal to both tasks that they can shut down. - // Not critical at this point, we don't have a use case for stopping - // IPC yet. - // Also need to delete the semaphore here. - vTaskDelete(NULL); } /* From 5a245a389ba5eebf097ae874a84e65562e702845 Mon Sep 17 00:00:00 2001 From: Konstantin Kondrashov Date: Thu, 28 Nov 2024 16:39:48 +0200 Subject: [PATCH 2/3] fix(bootloader_support): Fix overflowed constant in bootloader_sha256_flash_contents --- .../bootloader_support/src/bootloader_utility.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/components/bootloader_support/src/bootloader_utility.c b/components/bootloader_support/src/bootloader_utility.c index 9da668af3e..11d57ee1f0 100644 --- a/components/bootloader_support/src/bootloader_utility.c +++ b/components/bootloader_support/src/bootloader_utility.c @@ -1234,7 +1234,16 @@ esp_err_t bootloader_sha256_flash_contents(uint32_t flash_offset, uint32_t len, while (len > 0) { uint32_t mmu_page_offset = ((flash_offset & MMAP_ALIGNED_MASK) != 0) ? 1 : 0; /* Skip 1st MMU Page if it is already populated */ - uint32_t partial_image_len = MIN(len, ((mmu_free_pages_count - mmu_page_offset) * SPI_FLASH_MMU_PAGE_SIZE)); /* Read the image that fits in the free MMU pages */ + uint32_t max_pages = (mmu_free_pages_count > mmu_page_offset) ? (mmu_free_pages_count - mmu_page_offset) : 0; + if (max_pages == 0) { + ESP_LOGE(TAG, "No free MMU pages are available"); + return ESP_ERR_NO_MEM; + } + uint32_t max_image_len; + if (__builtin_mul_overflow(max_pages, SPI_FLASH_MMU_PAGE_SIZE, &max_image_len)) { + max_image_len = UINT32_MAX; + } + uint32_t partial_image_len = MIN(len, max_image_len); /* Read the image that fits in the free MMU pages */ const void * image = bootloader_mmap(flash_offset, partial_image_len); if (image == NULL) { From ad38ba16ddf6b9291953f95a87b55616eba8d50c Mon Sep 17 00:00:00 2001 From: Konstantin Kondrashov Date: Thu, 28 Nov 2024 16:51:00 +0200 Subject: [PATCH 3/3] fix(bootloader_support): Fix overflowed constant in process_segment --- components/bootloader_support/src/esp_image_format.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c index bb57d9f698..cd91876fb8 100644 --- a/components/bootloader_support/src/esp_image_format.c +++ b/components/bootloader_support/src/esp_image_format.c @@ -616,7 +616,16 @@ static esp_err_t process_segment(int index, uint32_t flash_addr, esp_image_segme #endif uint32_t offset_page = ((data_addr & MMAP_ALIGNED_MASK) != 0) ? 1 : 0; /* Data we could map in case we are not aligned to PAGE boundary is one page size lesser. */ - data_len = MIN(data_len_remain, ((free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE)); + uint32_t max_pages = (free_page_count > offset_page) ? (free_page_count - offset_page) : 0; + if (max_pages == 0) { + ESP_LOGE(TAG, "No free MMU pages are available"); + return ESP_ERR_NO_MEM; + } + uint32_t max_image_len; + if (__builtin_mul_overflow(max_pages, SPI_FLASH_MMU_PAGE_SIZE, &max_image_len)) { + max_image_len = UINT32_MAX; + } + data_len = MIN(data_len_remain, max_image_len); CHECK_ERR(process_segment_data(index, load_addr, data_addr, data_len, do_load, sha_handle, checksum, metadata)); data_addr += data_len; data_len_remain -= data_len;