view rvinterf/etmsync/memops.c @ 1011:6d9b10633f10 default tip

etmsync Pirelli IMEI retrieval: fix poor use of printf() Bug reported by Vadim Yanitskiy <fixeria@osmocom.org>: the construct where a static-allocated string was passed to printf() without any format arguments causes newer compilers to report a security problem. Given that formatted output is not needed here, just fixed string output, change printf() to fputs(), and direct the error message to stderr while at it.
author Mychaela Falconia <falcon@freecalypso.org>
date Thu, 23 May 2024 17:29:57 +0000
parents e7502631a0f9

/*
 * Functions for reading memory regions and Calypso die ID via ETM
 */

#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include "etm.h"
#include "tm3.h"
#include "limits.h"
#include "localtypes.h"
#include "exitcodes.h"

extern u_char rvi_msg[];
extern int rvi_msg_len;

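/*
 * Read nbytes of target memory starting at memaddr with the ETM_CORE
 * memory read command (mode byte 0x01) and copy the returned data into
 * databuf.
 *
 * The caller must supply a databuf with room for at least nbytes bytes.
 * The response arrives in the global rvi_msg / rvi_msg_len pair and is
 * treated as untrusted: its status byte, its total length and its
 * opcode/mode echo are all checked before anything is copied out.
 *
 * Returns 0 on success, ERROR_USAGE for an out-of-range byte count,
 * ERROR_TARGET for a bad or unexpected response, or whatever nonzero
 * code etm_pkt_exch() reported.
 */
do_memory_read(memaddr, databuf, nbytes)
	u32 memaddr;
	u_char *databuf;
	int nbytes;
{
	u_char cmdpkt[10];
	int rc;

	/*
	 * nbytes is a signed int: a negative count would pass the upper
	 * bound check below, be truncated into the 1-byte length field, and
	 * could reach bcopy() as a huge unsigned length if a short response
	 * happened to satisfy the length comparison.  Reject it up front.
	 */
	if (nbytes < 0) {
		printf("error: # of bytes to read may not be negative\n");
		return(ERROR_USAGE);
	}
	if (nbytes > MAX_MEMREAD_BYTES) {
		printf("error: # of bytes to read may not exceed %d\n",
			MAX_MEMREAD_BYTES);
		return(ERROR_USAGE);
	}
	/* cmdpkt[0] is not written here; presumably etm_pkt_exch() owns it */
	cmdpkt[1] = ETM_CORE;
	cmdpkt[2] = TMCORE_OPC_MEM;
	cmdpkt[3] = 0x01;
	cmdpkt[4] = nbytes;
	/* 32-bit address, least significant byte first */
	cmdpkt[5] = memaddr;
	cmdpkt[6] = memaddr >> 8;
	cmdpkt[7] = memaddr >> 16;
	cmdpkt[8] = memaddr >> 24;
	rc = etm_pkt_exch(cmdpkt, 8);
	if (rc)
		return(rc);
	/*
	 * NOTE(review): rvi_msg[3] is read before rvi_msg_len is examined;
	 * this assumes etm_pkt_exch() returns 0 only for responses at least
	 * 4 bytes long - confirm in etm_pkt_exch().
	 */
	if (rvi_msg[3]) {
		printf("ETM error response to mem read request: 0x%02X\n",
			rvi_msg[3]);
		return(ERROR_TARGET);
	}
	/*
	 * Exact length match: the copy below reads rvi_msg[6] through
	 * rvi_msg[nbytes + 5], which this check keeps inside the message
	 * that was actually received.
	 */
	if (rvi_msg_len != nbytes + 7) {
		printf("error: mem read response has wrong length\n");
		return(ERROR_TARGET);
	}
	/* the response must echo the opcode and mode byte of the request */
	if (rvi_msg[4] != TMCORE_OPC_MEM || rvi_msg[5] != 0x01) {
		printf("error: mem read response has wrong opcode\n");
		return(ERROR_TARGET);
	}
	bcopy(rvi_msg + 6, databuf, nbytes);
	return(0);
}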

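/*
 * Read nwords 16-bit words of target memory starting at memaddr with the
 * ETM_CORE memory read command (mode byte 0x02) and copy the returned
 * nwords * 2 bytes into databuf, in the order the target delivered them.
 *
 * The caller must supply a databuf with room for at least nwords * 2
 * bytes.  The response arrives in the global rvi_msg / rvi_msg_len pair
 * and is treated as untrusted: its status byte, its total length and its
 * opcode/mode echo are all checked before anything is copied out.
 *
 * Returns 0 on success, ERROR_USAGE for an out-of-range word count,
 * ERROR_TARGET for a bad or unexpected response, or whatever nonzero
 * code etm_pkt_exch() reported.
 */
do_memory_read_16(memaddr, databuf, nwords)
	u32 memaddr;
	u_char *databuf;
	int nwords;
{
	u_char cmdpkt[10];
	int rc;

	/*
	 * nwords is a signed int: a negative count would pass the upper
	 * bound check below, be truncated into the 1-byte count field, and
	 * could reach bcopy() as a huge unsigned length if a short response
	 * happened to satisfy the length comparison.  Reject it up front.
	 */
	if (nwords < 0) {
		printf("error: # of 16-bit words to read may not be negative\n");
		return(ERROR_USAGE);
	}
	if (nwords > MAX_MEMREAD_16BIT) {
		printf("error: # of 16-bit words to read may not exceed %d\n",
			MAX_MEMREAD_16BIT);
		return(ERROR_USAGE);
	}
	/* cmdpkt[0] is not written here; presumably etm_pkt_exch() owns it */
	cmdpkt[1] = ETM_CORE;
	cmdpkt[2] = TMCORE_OPC_MEM;
	cmdpkt[3] = 0x02;
	cmdpkt[4] = nwords;
	/* 32-bit address, least significant byte first */
	cmdpkt[5] = memaddr;
	cmdpkt[6] = memaddr >> 8;
	cmdpkt[7] = memaddr >> 16;
	cmdpkt[8] = memaddr >> 24;
	rc = etm_pkt_exch(cmdpkt, 8);
	if (rc)
		return(rc);
	/*
	 * NOTE(review): rvi_msg[3] is read before rvi_msg_len is examined;
	 * this assumes etm_pkt_exch() returns 0 only for responses at least
	 * 4 bytes long - confirm in etm_pkt_exch().
	 */
	if (rvi_msg[3]) {
		printf("ETM error response to mem read 16 request: 0x%02X\n",
			rvi_msg[3]);
		return(ERROR_TARGET);
	}
	/*
	 * Exact length match: the copy below reads nwords * 2 bytes starting
	 * at rvi_msg[6], which this check keeps inside the message that was
	 * actually received.
	 */
	if (rvi_msg_len != nwords * 2 + 7) {
		printf("error: mem read 16 response has wrong length\n");
		return(ERROR_TARGET);
	}
	/* the response must echo the opcode and mode byte of the request */
	if (rvi_msg[4] != TMCORE_OPC_MEM || rvi_msg[5] != 0x02) {
		printf("error: mem read 16 response has wrong opcode\n");
		return(ERROR_TARGET);
	}
	bcopy(rvi_msg + 6, databuf, nwords * 2);
	return(0);
}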

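/*
 * Read nbytes of target memory starting at memaddr with the TM3 MEM_READ
 * command and copy the returned data into databuf.
 *
 * The caller must supply a databuf with room for at least nbytes bytes.
 * The response arrives in the global rvi_msg / rvi_msg_len pair and is
 * treated as untrusted: its status byte, its total length and the length
 * value it echoes back are all checked before anything is copied out.
 *
 * Returns 0 on success, ERROR_USAGE for an out-of-range byte count,
 * ERROR_TARGET for a bad or unexpected response, or whatever nonzero
 * code etm_pkt_exch() reported.
 */
do_memory_read_tm3(memaddr, databuf, nbytes)
	u32 memaddr;
	u_char *databuf;
	int nbytes;
{
	u_char cmdpkt[11];
	int rc;

	/*
	 * nbytes is a signed int: without this guard a negative count would
	 * pass the upper bound check and be sent to the target truncated to
	 * one byte.  Refuse it before any packet is exchanged.
	 */
	if (nbytes < 0) {
		printf("error: # of bytes to read may not be negative\n");
		return(ERROR_USAGE);
	}
	if (nbytes > TM3_MEMREAD_MAX) {
		printf("error: # of bytes to read may not exceed %d\n",
			TM3_MEMREAD_MAX);
		return(ERROR_USAGE);
	}
	/* cmdpkt[0] is not written here; presumably etm_pkt_exch() owns it */
	cmdpkt[1] = MEM_READ;
	/* 32-bit address, least significant byte first */
	cmdpkt[2] = memaddr;
	cmdpkt[3] = memaddr >> 8;
	cmdpkt[4] = memaddr >> 16;
	cmdpkt[5] = memaddr >> 24;
	/*
	 * Byte count in cmdpkt[6] followed by three zero bytes; presumably a
	 * 32-bit length field, least significant byte first - confirm
	 * against tm3.h.
	 */
	cmdpkt[6] = nbytes;
	cmdpkt[7] = 0;
	cmdpkt[8] = 0;
	cmdpkt[9] = 0;
	rc = etm_pkt_exch(cmdpkt, 9);
	if (rc)
		return(rc);
	/*
	 * NOTE(review): rvi_msg[3] is read before rvi_msg_len is examined;
	 * this assumes etm_pkt_exch() returns 0 only for responses at least
	 * 4 bytes long - confirm in etm_pkt_exch().
	 */
	if (rvi_msg[3]) {
		printf("TM3 error response to mem read request: 0x%02X\n",
			rvi_msg[3]);
		return(ERROR_TARGET);
	}
	/*
	 * Exact length match: the copy below reads rvi_msg[8] through
	 * rvi_msg[nbytes + 7], which this check keeps inside the message
	 * that was actually received.
	 */
	if (rvi_msg_len != nbytes + 9) {
		printf("error: mem read response has wrong length\n");
		return(ERROR_TARGET);
	}
	/* bytes 4-7 of the response must repeat the requested length */
	if (rvi_msg[4] != nbytes || rvi_msg[5] || rvi_msg[6] || rvi_msg[7]) {
		printf("error: mem read response has wrong length echo\n");
		return(ERROR_TARGET);
	}
	bcopy(rvi_msg + 8, databuf, nbytes);
	return(0);
}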

/*
 * Ask the target for its Calypso die ID with the ETM_CORE die ID command
 * and store the 8 bytes it returns in databuf.
 *
 * The caller must supply a databuf with room for at least 8 bytes.  The
 * response arrives in the global rvi_msg / rvi_msg_len pair; its status
 * byte, total length and opcode echo are checked before the copy.
 *
 * Returns 0 on success, ERROR_TARGET for a bad or unexpected response,
 * or whatever nonzero code etm_pkt_exch() reported.
 */
do_dieid_read(databuf)
	u_char *databuf;
{
	u_char request[4];
	int status;

	/* request[0] is not written here; only bytes 1 and 2 are set */
	request[1] = ETM_CORE;
	request[2] = TMCORE_OPC_DIEID;

	status = etm_pkt_exch(request, 2);
	if (status != 0) {
		return status;
	}

	/* a nonzero byte 3 is the target reporting an error */
	if (rvi_msg[3] != 0) {
		printf("ETM error response to die ID read request: 0x%02X\n",
			rvi_msg[3]);
		return ERROR_TARGET;
	}

	/*
	 * Only a response of exactly 14 bytes is accepted, so the 8-byte
	 * copy from offset 5 stays inside the received message.
	 */
	if (rvi_msg_len != 14) {
		printf("error: die ID read response has wrong length\n");
		return ERROR_TARGET;
	}

	/* the response must echo the opcode of the request */
	if (rvi_msg[4] != TMCORE_OPC_DIEID) {
		printf("error: die ID read response has wrong opcode\n");
		return ERROR_TARGET;
	}

	memmove(databuf, rvi_msg + 5, 8);
	return 0;
}