Merge "lib: zlib_inflate: Fix warnings treated as errors."
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index c7e65cb..c873882 100755
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -495,8 +495,8 @@
cmdline_len += (strlen(androidboot_slot_suffix)+
strlen(SUFFIX_SLOT(current_active_slot)));
- sprintf(sys_path_cmdline, sys_path_cmdline,
- (partition_get_index("system")+1));
+ snprintf(sys_path_cmdline, sizeof(*sys_path_cmdline),
+ sys_path_cmdline, (partition_get_index("system")+1));
cmdline_len += strlen(sys_path_cmdline);
if (!boot_into_recovery)
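Review bot: The size argument `sizeof(*sys_path_cmdline)` is the size of one element, which is 1 if `sys_path_cmdline` is a `char` array or `char *` (its declaration is outside this hunk). In that case `snprintf` stores only the terminating NUL and the root-device argument disappears from the command line. The call also passes the same buffer as both destination and format string, which is undefined behaviour for overlapping objects and keeps a non-literal format in place. Formatting from a constant template into a separate buffer avoids both, for example `snprintf(sys_path_buf, sizeof(sys_path_buf), sys_path_fmt, partition_get_index("system") + 1);`, where `sys_path_buf` and `sys_path_fmt` are placeholder names. The following `strlen` would then measure that buffer.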
@@ -3482,7 +3482,8 @@
}
dprintf(INFO, "writing %d bytes to '%s'\n", sz, ptn->name);
- if ((sz > UBI_MAGIC_SIZE) && (!memcmp((void *)data, UBI_MAGIC, UBI_MAGIC_SIZE))) {
+ if ((sz > UBI_EC_HDR_SIZE) &&
+ (!memcmp((void *)data, UBI_MAGIC, UBI_MAGIC_SIZE))) {
if (flash_ubi_img(ptn, data, sz)) {
fastboot_fail("flash write failure");
return;
@@ -4020,6 +4021,7 @@
static char has_slot_reply[NUM_PARTITIONS][MAX_RSP_SIZE];
const char *tmp;
char tmpbuff[MAX_GET_VAR_NAME_SIZE];
+ signed active_slt;
if (!published)
{
@@ -4029,18 +4031,23 @@
for(i=0; i<count; i++)
{
memset(tmpbuff, 0, MAX_GET_VAR_NAME_SIZE);
- sprintf(tmpbuff, "has-slot:%s", has_slot_pname[i]);
- strcpy(has_slot_pname[i], tmpbuff);
+ snprintf(tmpbuff, MAX_GET_VAR_NAME_SIZE,"has-slot:%s",
+ has_slot_pname[i]);
+ strlcpy(has_slot_pname[i], tmpbuff, MAX_GET_VAR_NAME_SIZE);
fastboot_publish(has_slot_pname[i], has_slot_reply[i]);
}
for (i=0; i<AB_SUPPORTED_SLOTS; i++)
{
tmp = SUFFIX_SLOT(i);
- sprintf(slot_info[i].slot_is_unbootable, "slot-unbootable:%s", tmp);
- sprintf(slot_info[i].slot_is_active, "slot-active:%s", tmp);
- sprintf(slot_info[i].slot_is_succesful, "slot-success:%s", tmp);
- sprintf(slot_info[i].slot_retry_count, "slot-retry-count:%s", tmp);
+ snprintf(slot_info[i].slot_is_unbootable, sizeof(slot_info[i].slot_is_unbootable),
+ "slot-unbootable:%s", tmp);
+ snprintf(slot_info[i].slot_is_active, sizeof(slot_info[i].slot_is_active),
+ "slot-active:%s", tmp);
+ snprintf(slot_info[i].slot_is_succesful, sizeof(slot_info[i].slot_is_succesful),
+ "slot-success:%s", tmp);
+ snprintf(slot_info[i].slot_retry_count, sizeof(slot_info[i].slot_retry_count),
+ "slot-retry-count:%s", tmp);
fastboot_publish(slot_info[i].slot_is_unbootable,
slot_info[i].slot_is_unbootable_rsp);
fastboot_publish(slot_info[i].slot_is_active,
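Review bot: Both bounded calls in the `has-slot` loop discard their return values, so a partition name that does not fit after the `has-slot:` prefix is published truncated with no trace in the log. Checking the result makes that visible, e.g. `if (snprintf(tmpbuff, sizeof(tmpbuff), "has-slot:%s", has_slot_pname[i]) >= (int)sizeof(tmpbuff))` followed by a `dprintf(CRITICAL, ...)` and skipping the entry. The `slot_info` calls below bound by `sizeof` of the destination; using `sizeof(tmpbuff)` here would match that style. The second dimension of `has_slot_pname` is declared outside this hunk and should be confirmed against the `MAX_GET_VAR_NAME_SIZE` bound passed to `strlcpy`.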
@@ -4056,8 +4063,13 @@
published = true;
}
- sprintf(active_slot_suffix, "%s",
- SUFFIX_SLOT(partition_find_active_slot()));
+ active_slt = partition_find_active_slot();
+ if (active_slt != INVALID)
+ snprintf(active_slot_suffix, sizeof(active_slot_suffix), "%s",
+ SUFFIX_SLOT(active_slt));
+ else
+ strlcpy(active_slot_suffix, "INVALID", sizeof(active_slot_suffix));
+
/* Update partition meta information */
partition_fill_slot_meta(slot_info);
return;
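Review bot: The new `if`/`else` is unbraced although the `if` arm spans two physical lines; braces on both arms would keep a later added statement from falling outside the conditional. A short comment would also help the next reader, such as `/* No active slot: report a fixed marker instead of indexing SUFFIX_SLOT with INVALID */`. `partition_fill_slot_meta(slot_info)` still runs on the INVALID path, and whether it tolerates that state is not visible from this hunk.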
diff --git a/app/aboot/recovery.c b/app/aboot/recovery.c
index 71006bd..49f5057 100644
--- a/app/aboot/recovery.c
+++ b/app/aboot/recovery.c
@@ -134,10 +134,8 @@
{
struct ptentry *ptn;
struct ptable *ptable;
- unsigned int ssd_cookie[2] = {0x53534443, 0x4F4F4B49};
+ unsigned int *ssd_cookie;
unsigned pagesize = flash_page_size();
- unsigned pagemask = pagesize -1;
- unsigned n = 0;
ptable = flash_get_ptable();
if (ptable == NULL) {
@@ -145,21 +143,32 @@
return -1;
}
- n = (sizeof(ssd_cookie) + pagemask) & (~pagemask);
+ ssd_cookie = malloc(pagesize);
+ if (!ssd_cookie){
+ dprintf(CRITICAL, "ERROR: Memory allocation failure\n");
+ return -1;
+ }
+ memset(ssd_cookie, 0, pagesize);
+ ssd_cookie[0] = 0x53534443;
+ ssd_cookie[1] = 0x4F4F4B49;
ptn = ptable_find(ptable, name);
if (ptn == NULL) {
dprintf(CRITICAL, "ERROR: No %s partition found\n", name);
- return -1;
+ goto out;
}
- if (flash_write(ptn, 0, ssd_cookie, n)) {
+ if (flash_write(ptn, 0, ssd_cookie, pagesize)) {
dprintf(CRITICAL, "ERROR: flash write fail!\n");
- return -1;
+ goto out;
}
+ free(ssd_cookie);
dprintf(INFO, "FOTA partition written successfully!");
return 0;
+out:
+ free(ssd_cookie);
+ return -1;
}
int get_boot_info_apps (char type, unsigned int *status)
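Review bot: The two cookie words are stored into a buffer of `pagesize` bytes without checking that `pagesize` is at least `2 * sizeof(*ssd_cookie)`. The value comes from `flash_page_size()`, and a zero or very small result would make the stores to `ssd_cookie[0]` and `ssd_cookie[1]` run past the allocation. A guard before the `malloc` closes that: `if (pagesize < 2 * sizeof(unsigned int)) return -1;`. The success path and the `out:` label each call `free(ssd_cookie)`; a single exit with a `ret` variable, as the misc-partition writer later in this file now uses, would remove the duplicate. The function's opening lines are outside this hunk.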
@@ -302,23 +311,39 @@
{
char *ptn_name = "misc";
unsigned long long ptn = 0;
- unsigned int size = ROUND_TO_PAGE(sizeof(*out),511);
- unsigned char data[size];
+ unsigned blocksize = mmc_get_device_blocksize();
+ unsigned int size = ROUND_TO_PAGE(sizeof(*out), (unsigned)blocksize - 1);
+ unsigned char *data = NULL;
+ int ret = 0;
int index = INVALID_PTN;
+ data = malloc(size);
+ if(!data)
+ {
+ dprintf(CRITICAL,"memory allocation error \n");
+ ret = -1;
+ goto out;
+ }
+
index = partition_get_index((const char *) ptn_name);
ptn = partition_get_offset(index);
mmc_set_lun(partition_get_lun(index));
if(ptn == 0) {
dprintf(CRITICAL,"partition %s doesn't exist\n",ptn_name);
- return -1;
+ ret = -1;
+ goto out;
}
+ memset(data, 0, size);
memcpy(data, out, sizeof(*out));
if (mmc_write(ptn , size, (unsigned int*)data)) {
dprintf(CRITICAL,"mmc write failure %s %d\n",ptn_name, sizeof(*out));
- return -1;
+ ret = -1;
+ goto out;
}
- return 0;
+out:
+ if (data)
+ free(data);
+ return ret;
}
static int emmc_get_recovery_msg(struct recovery_message *in)
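Review bot: `size` is now derived from `mmc_get_device_blocksize()` with no check that the rounded value is at least `sizeof(*out)`. If the block size came back as 0 or not a power of two, `ROUND_TO_PAGE` (defined outside this hunk) could yield a smaller size and `memcpy(data, out, sizeof(*out))` would write past the heap buffer. Adding `if (size < sizeof(*out)) return -1;` before the `malloc` covers this. The label `out:` shares its name with the `out` pointer used in `sizeof(*out)`; that is legal C but reads ambiguously, and a label such as `done:` would be clearer. `free(NULL)` is a no-op, so the `if (data)` guard can be dropped.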
diff --git a/platform/msm_shared/ab_partition_parser.c b/platform/msm_shared/ab_partition_parser.c
index db37d00..bd900d9 100644
--- a/platform/msm_shared/ab_partition_parser.c
+++ b/platform/msm_shared/ab_partition_parser.c
@@ -506,14 +506,14 @@
/* 2. put the partition name in array */
tmp = pname_size-strlen(suffix_str);
strlcpy(has_slot_pname[count], pname, tmp+1);
- strcpy(has_slot_reply[count], " Yes");
+ strlcpy(has_slot_reply[count], " Yes", MAX_RSP_SIZE);
count++;
}
}
else
{
- strcpy(has_slot_pname[count], pname);
- strcpy(has_slot_reply[count], " No");
+ strlcpy(has_slot_pname[count], pname, MAX_GET_VAR_NAME_SIZE);
+ strlcpy(has_slot_reply[count], " No", MAX_RSP_SIZE);
count++;
}
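Review bot: The slotted branch still copies with `strlcpy(has_slot_pname[count], pname, tmp+1)`, where `tmp` is computed from the partition name length rather than from the destination size. This commit therefore bounds the unslotted branch by `MAX_GET_VAR_NAME_SIZE` but leaves the slotted one dependent on the name read from the partition table. Clamping keeps the suffix-stripping behaviour: `strlcpy(has_slot_pname[count], pname, (tmp + 1 < MAX_GET_VAR_NAME_SIZE) ? tmp + 1 : MAX_GET_VAR_NAME_SIZE);`. The type of `tmp` and the bound on `count` against the array's first dimension are not visible in this hunk and should be checked as well.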
@@ -545,15 +545,18 @@
for(i=0; i<AB_SUPPORTED_SLOTS; i++)
{
current_slot_index = boot_slot_index[i];
- strcpy(slot_info[i].slot_is_unbootable_rsp,
- slot_is_bootable(ptn_entries, current_slot_index)?"No":"Yes");
- strcpy(slot_info[i].slot_is_active_rsp,
- slot_is_active(ptn_entries, current_slot_index)?"Yes":"No");
- strcpy(slot_info[i].slot_is_succesful_rsp,
- slot_is_sucessful(ptn_entries, current_slot_index)?"Yes":"No");
+ strlcpy(slot_info[i].slot_is_unbootable_rsp,
+ slot_is_bootable(ptn_entries, current_slot_index)?"No":"Yes",
+ MAX_RSP_SIZE);
+ strlcpy(slot_info[i].slot_is_active_rsp,
+ slot_is_active(ptn_entries, current_slot_index)?"Yes":"No",
+ MAX_RSP_SIZE);
+ strlcpy(slot_info[i].slot_is_succesful_rsp,
+ slot_is_sucessful(ptn_entries, current_slot_index)?"Yes":"No",
+ MAX_RSP_SIZE);
itoa(slot_retry_count(ptn_entries, current_slot_index),
(unsigned char *)buff, 2, 10);
- strcpy(slot_info[i].slot_retry_count_rsp, buff);
+ strlcpy(slot_info[i].slot_retry_count_rsp, buff, MAX_RSP_SIZE);
}
}
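Review bot: The response copies pass the constant `MAX_RSP_SIZE` as the bound, while aboot.c in this same commit bounds the name fields of the same `slot_info` entries with `sizeof` of the destination. If the `_rsp` members are arrays (their declaration is not shown), writing `sizeof(slot_info[i].slot_is_active_rsp)` and likewise for the other three fields would keep each bound tied to its field if a size ever changes. The enclosing function starts before this hunk.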
@@ -579,6 +582,12 @@
(PARTITION_ENTRY_SIZE*NUM_PARTITIONS + GPT_HEADER_BLOCKS*block_size);
buffer = memalign(CACHE_LINE, ROUNDUP(max_gpt_size_bytes, CACHE_LINE));
+ if (!buffer)
+ {
+ dprintf(CRITICAL, "update_gpt: Failed at memory allocation\n");
+ goto out;
+ }
+
ret = mmc_read(gpt_start_addr, (uint32_t *)buffer,
max_gpt_size_bytes);
if (ret)
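Review bot: The new allocation-failure branch jumps to `out` without assigning `ret`, so the function returns whatever `ret` held before. Its initialisation is outside this hunk; if it starts at 0, the caller would see success although no GPT update took place. Setting it explicitly removes the doubt: add `ret = -1;` on the line before `goto out;`.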
@@ -629,7 +638,8 @@
goto out;
}
out:
- free(buffer);
+ if (buffer)
+ free(buffer);
return ret;
}
diff --git a/platform/msm_shared/flash-ubi.c b/platform/msm_shared/flash-ubi.c
index 010f61e..ca46876 100644
--- a/platform/msm_shared/flash-ubi.c
+++ b/platform/msm_shared/flash-ubi.c
@@ -818,6 +818,7 @@
int bad_blocks_cnt = 0;
uint32_t fmsb_peb = UINT_MAX;
int is_fmsb_peb_valid = 0;
+ unsigned peb_valid_sz= 0;
si = scan_partition(ptn);
if (!si) {
@@ -845,14 +846,30 @@
curr_peb++;
continue;
}
- remove_F_flag(img_peb);
- /* Update the ec_header in the image */
- old_ech = (struct ubi_ec_hdr *)img_peb;
- update_ec_header(old_ech, si, curr_peb - ptn->start, false);
+
if (size < block_size)
num_pages = size / page_size;
else
num_pages = calc_data_len(page_size, img_peb, block_size);
+
+ /* Total size of valid data in peb */
+ peb_valid_sz = num_pages * page_size;
+
+ /*
+ * Check for oob access if any in img_peb.
+ */
+ if (memcmp(img_peb, UBI_MAGIC, UBI_MAGIC_SIZE) ||
+ BE32(((struct ubi_ec_hdr *)img_peb)->vid_hdr_offset) > peb_valid_sz ||
+ BE32(((struct ubi_ec_hdr *)img_peb)->data_offset) > peb_valid_sz)
+ {
+ dprintf(CRITICAL, "flash_ubi_img: invalid image peb found\n");
+ return -1;
+ }
+
+ remove_F_flag(img_peb);
+ /* Update the ec_header in the image */
+ old_ech = (struct ubi_ec_hdr *)img_peb;
+ update_ec_header(old_ech, si, curr_peb - ptn->start, false);
/* Write one block from image */
ret = qpic_nand_write(curr_peb * num_pages_per_blk,
num_pages, img_peb, 0);
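Review bot: The new bounds test accepts `vid_hdr_offset` and `data_offset` values equal to or just below `peb_valid_sz`, so a header that starts inside the valid data can still extend past it. The comparison should include the size of the structure read at that offset, i.e. reject when `peb_valid_sz` minus the offset is smaller than the VID header size. The failure path uses a bare `return -1`; `si` was obtained from `scan_partition(ptn)` earlier, and if the function's other exits release it through a cleanup label (not visible here), this one should go the same way. The loop and function boundaries are outside the hunk.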
diff --git a/platform/msm_shared/mdp3.c b/platform/msm_shared/mdp3.c
index 1014b45..8c59bae 100644
--- a/platform/msm_shared/mdp3.c
+++ b/platform/msm_shared/mdp3.c
@@ -125,7 +125,7 @@
writel(0x00000000, MDP_DMA_P_OUT_XY);
writel(pinfo->yres << 16 | pinfo->xres, MDP_DMA_P_SIZE);
- writel(MIPI_FB_ADDR, MDP_DMA_P_BUF_ADDR);
+ writel((uint32_t)fb->base, MDP_DMA_P_BUF_ADDR);
writel(pinfo->xres * ystride, MDP_DMA_P_BUF_Y_STRIDE);
writel(hsync_period << 16 | lcdc->h_pulse_width, \
MDP_DSI_VIDEO_HSYNC_CTL);
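Review bot: If `fb->base` is a pointer (its type is not shown), `(uint32_t)fb->base` converts it straight to a 32-bit integer, which compilers warn about and which truncates wherever pointers are wider than 32 bits. Going through `uintptr_t` states the intent: `writel((uint32_t)(uintptr_t)fb->base, MDP_DMA_P_BUF_ADDR);`. The same applies to the identical line in the second hunk of this file. The DMA base now depends on the caller's `fb`, and neither hunk shows a check that `fb` or `fb->base` is non-NULL before the register is programmed.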
@@ -189,7 +189,7 @@
writel(pack_pattern << 8 | 0x3f | (0 << 25)| (1 << 19) | (1 << 7) , MDP_DMA_P_CONFIG); // rgb888
writel(0x00000000, MDP_DMA_P_OUT_XY);
writel(pinfo->yres << 16 | pinfo->xres, MDP_DMA_P_SIZE);
- writel(MIPI_FB_ADDR, MDP_DMA_P_BUF_ADDR);
+ writel((uint32_t)fb->base, MDP_DMA_P_BUF_ADDR);
writel(pinfo->xres * ystride, MDP_DMA_P_BUF_Y_STRIDE);
diff --git a/target/mdm9607/init.c b/target/mdm9607/init.c
index 45c3bd3..40776f7 100644
--- a/target/mdm9607/init.c
+++ b/target/mdm9607/init.c
@@ -66,6 +66,7 @@
/* PMIC config data */
#define PMIC_ARB_CHANNEL_NUM 0
#define PMIC_ARB_OWNER_ID 0
+#define PMIC_MAJOR_V1 1
/* NANDc BAM pipe numbers */
#define DATA_CONSUMER_PIPE 0
@@ -334,6 +335,8 @@
void reboot_device(unsigned reboot_reason)
{
uint8_t reset_type = 0;
+ struct board_pmic_data pmic_info;
+
/* Write the reboot reason */
writel(reboot_reason, RESTART_REASON_ADDR);
@@ -347,7 +350,18 @@
else
reset_type = PON_PSHOLD_HARD_RESET;
- pm8x41_v2_reset_configure(reset_type);
+ if (board_pmic_info(&pmic_info, SMEM_V7_SMEM_MAX_PMIC_DEVICES))
+ {
+ /* make decision based on pmic major version */
+ switch (pmic_info.pmic_version >>16)
+ {
+ case PMIC_MAJOR_V1:
+ pm8x41_v2_reset_configure(reset_type);
+ break;
+ default:
+ pm8x41_reset_configure(reset_type);
+ }
+ }
/* Drop PS_HOLD for MSM */
writel(0x00, MPM2_MPM_PS_HOLD);
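Review bot: If `board_pmic_info()` returns 0, no reset-configure call runs at all and PS_HOLD is dropped with the reset type unconfigured, whereas the old code always called `pm8x41_v2_reset_configure(reset_type)`. An `else` arm with a default call, or at least a log line, would keep that path defined. `pmic_info` is a single `struct board_pmic_data`, yet the count passed is `SMEM_V7_SMEM_MAX_PMIC_DEVICES`; if `board_pmic_info()` fills that many entries (its definition is not on this page), it writes past the local. Either pass `1` or declare `struct board_pmic_data pmic_info[SMEM_V7_SMEM_MAX_PMIC_DEVICES];` and read `pmic_info[0]`. The bare `>>16` would read better as a named shift constant next to `PMIC_MAJOR_V1`, and the `default:` arm lacks a `break;`.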