lynxis / iwleeprom

Automatically exported from code.google.com/p/iwleeprom

Crash whilst reading eeprom on AR9300 card #12

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Execute iwleeprom against an Atheros 9300 series mini PCIe card

What is the expected output? What do you see instead?

Expected not to crashdump. Actual behaviour is crash after eeprom is identified 
as being compressed. Actual output below:

Supported devices detected: 
  [1] 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E) (168c:0030, 106b:009a)
Select device [1-1] (or 0 to quit): 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E) 
IO driver: ath9300
No file names given nor actions selected!
No EEPROM actions will be performed, just write-enable test
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000  @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000  @03ff r=1
AR9300 device NVM type: EEPROM  (data block @03ff)
Found block at 3ff: code=3 ref=5 length=635 major=2 minor=12 (RAW: 0cb22765)
Calculating EEPROM CRC...
CRC (stored): c0a1
CRC (eval)  : c0a1
compression : block
*** Error in `iwleeprom': free(): invalid next size (normal): 0x09e527b0 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x767e2)[0xb760e7e2]
/lib/i386-linux-gnu/libc.so.6(+0x77530)[0xb760f530]
iwleeprom[0x804c55c]
iwleeprom[0x804c896]
iwleeprom[0x804a0a1]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0xb75b1935]
iwleeprom[0x80489a1]
Aborted

What version of the product are you using? On what operating system?
Using SVN build as of 28/7/2013 on Ubuntu x64 live 13.04 DVD

Please provide any additional information below.

Original issue reported on code.google.com by richard....@gmail.com on 28 Jul 2013 at 6:39

GoogleCodeExporter commented 9 years ago
I encounter the same problem. Who can help me?

root@Odebian:~/atheros-eeprom# ./iwleeprom -D 1 -o eep2.bin
debug level: 1
PCI devices:
................
    0000:02:00.0: class 0200   id 168c:abcd   subid 0000:0000 [RW, ath9300] AR9300 Wireless Adapter (PCI-E) 
....................
Supported devices detected: 
  [1] 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E) (168c:abcd, 0000:0000)
Select device [1-1] (or 0 to quit): 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E) 
IO driver: ath9300
Supported ops:  read write parse
address: fe9e0000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000  @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00620000  @03ff r=1
AR9300 device NVM type: EEPROM  (data block @03ff)
Found block at 3ff: code=3 ref=2 length=634 major=1 minor=4 (RAW: 04a12762)
Calculating EEPROM CRC...
CRC (stored): 8434
CRC (eval)  : 8434
compression : block
*** glibc detected *** ./iwleeprom: double free or corruption (!prev): 0x08f6f7b0 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x70a8a)[0xb7639a8a]
/lib/i386-linux-gnu/libc.so.6(+0x722e8)[0xb763b2e8]
/lib/i386-linux-gnu/libc.so.6(cfree+0x6d)[0xb763e3ed]
./iwleeprom[0x804c64b]
./iwleeprom[0x804c98a]
./iwleeprom[0x804a136]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe6)[0xb75dfe16]
./iwleeprom[0x80489a1]
Aborted

Original comment by yjd0...@gmail.com on 14 Mar 2014 at 7:57

GoogleCodeExporter commented 9 years ago
fixed in R42

Original comment by qpxt...@gmail.com on 31 Mar 2014 at 10:26