search

Xilinx / bootgen

bootgen source code
Other
34 stars 42 forks source link

-verify crashes on ZynqMP boot.bin file #30

Open amworsley opened 8 months ago

amworsley commented 8 months ago

The -verify option was crashes bootgen on a ZynqMP boot.bin file as the code wasn't reading the image headers. Please find the following patch which fixed the problem:

From c6091d880c65665d1752c295b0c6c0f852b9afa8 Mon Sep 17 00:00:00 2001
From: Andrew Worsley <amworsley@gmail.com>
Date: Fri, 8 Mar 2024 12:39:31 +1100
Subject: [PATCH 1/2] Fix segfault in -verify option

Code wasn't reading in the boot.bin image file headers for the -verify option
So add in a call to ReadHeaderTableDetails() prior to ReadPartitions() which
assumes the iHT (Image Header Table) pointer has been initialised.
With out this it results in the following crash:

(gdb) run -arch zynqmp -verify  BOOT-zub1cg-rsa-new.bin -log trace
Starting program: /home/amw/work/src/bootgen/bootgen -arch zynqmp -verify  BOOT-zub1cg-rsa-new.bin -log trace
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

****** Bootgen v2023.2
  **** Build date : Mar  6 2024-17:46:38
    ** Copyright 1986-2022 Xilinx, Inc. All Rights Reserved.
    ** Copyright 2022-2023 Advanced Micro Devices, Inc. All Rights Reserved.

[TRACE]  : Command Line parsing started
[TRACE]  : Command: -arch zynqmp -verify BOOT-zub1cg-rsa-new.bin -log trace
[INFO]   : Command line parsing completed successfully

Program received signal SIGSEGV, Segmentation fault.
0x000055555564c452 in ZynqMpReadImage::VerifyAuthentication (this=0x55555572fa30,
    verifyImageOption=true) at verifyimage-zynqmp.cpp:55
55          if (iHT->headerAuthCertificateWordOffset != 0)
(gdb) p iHT
$1 = (ZynqMpImageHeaderTableStructure *) 0x0
(gdb) bt
    verifyImageOption=true) at verifyimage-zynqmp.cpp:55
    at main.cpp:73
---
 readimage-zynqmp.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readimage-zynqmp.cpp b/readimage-zynqmp.cpp
index af6993d..17e5896 100755
--- a/readimage-zynqmp.cpp
+++ b/readimage-zynqmp.cpp
@@ -100,6 +100,7 @@ void ZynqMpReadImage::ReadBinaryFile(DumpOption::Type dump, std::string path)
     {
         LOG_ERROR("The option '-read/-dump' is not supported on mcs format file : %s", binFilename.c_str());
     }
+    ReadHeaderTableDetails();
     ReadPartitions();
 }
 /*******************************************************************************/
-- 
2.30.2
c0d3d commented 8 months ago

@amworsley thanks, I had a different patch that I was going to submit, but yours looks better. I just made the PR in the hopes that they will merge it sooner

RamyaDarapuneni commented 8 months ago

Hi, we have an internal bug reported on the same and we are reviewing this. We will make sure to close ASAP.

embetrix commented 7 months ago

This piece of Software is sadly released to customers without a minimal Test + Verification !!!

c0d3d commented 7 months ago

@RamyaDarapuneni can you look at the PR I put up, it's just the change that @amworsley posted in the description of this issue. (here: https://github.com/Xilinx/bootgen/pull/31)