From 5f4358687791dbd05d0da7b4a394d28a9b5e7d0c Mon Sep 17 00:00:00 2001
From: Richard Hughes
Date: Wed, 10 Mar 2021 17:16:02 +0000
Subject: [PATCH] bcm57xx: Actually write the stage1 version into the file
---
 plugins/bcm57xx/fu-bcm57xx-stage1-image.c | 41 +++++++++++++---------
 src/fuzzing/bcm57xx-stage1.bin | Bin 16 -> 0 bytes
 src/fuzzing/bcm57xx.builder.xml | 4 +--
 src/fuzzing/firmware/bcm57xx.bin | Bin 262144 -> 262144 bytes
 4 files changed, 27 insertions(+), 18 deletions(-)
 delete mode 100644 src/fuzzing/bcm57xx-stage1.bin
diff --git a/plugins/bcm57xx/fu-bcm57xx-stage1-image.c b/plugins/bcm57xx/fu-bcm57xx-stage1-image.c
index a39f9b0eb..5a3a711e0 100644
--- a/plugins/bcm57xx/fu-bcm57xx-stage1-image.c
+++ b/plugins/bcm57xx/fu-bcm57xx-stage1-image.c
@@ -45,6 +45,7 @@ fu_bcm57xx_stage1_image_parse (FuFirmware *image,
 g_autofree gchar *tmp = NULL;
 tmp = fu_common_version_from_uint32 (fwversion, FWUPD_VERSION_FORMAT_TRIPLET);
 fu_firmware_set_version (image, tmp);
+ fu_firmware_set_version_raw (image, fwversion);
 } else {
 guint32 bufver[4] = { '\0' };
 guint32 veraddr = 0x0;
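Review bot: `fu_firmware_set_version_raw` is now stored only in the branch that reads `fwversion` from the image; the `else` branch that follows (`bufver`/`veraddr`, continuing past the hunk) is not visibly given a raw version, and since `fu_bcm57xx_stage1_image_write` in this same commit emits `fu_firmware_get_version_raw (firmware)` into the image, a stage1 image parsed through that path would presumably be written back with a version of zero. If that branch derives a numeric version as well, it should call `fu_firmware_set_version_raw` with it; if it cannot, a comment there such as `/* no raw version available on this path: a parse/write round-trip is lossy */` would stop the next reader from assuming the round-trip preserves the version field. `fu_bcm57xx_stage1_image_parse` starts and ends outside the hunk.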
@@ -81,37 +82,45 @@ fu_bcm57xx_stage1_image_parse (FuFirmware *image,
 }
 
 static GBytes *
-fu_bcm57xx_stage1_image_write (FuFirmware *image, GError **error)
+fu_bcm57xx_stage1_image_write (FuFirmware *firmware, GError **error)
 {
- const guint8 *buf;
- gsize bufsz = 0;
 guint32 crc;
- g_autoptr(GByteArray) blob = NULL;
+ g_autoptr(GByteArray) buf = g_byte_array_new ();
 g_autoptr(GBytes) fw_nocrc = NULL;
- g_autoptr(GBytes) fw_align = NULL;
 
- /* get the CRC-less data */
- fw_nocrc = fu_firmware_get_bytes (image, error);
+ /* the CRC-less payload */
+ fw_nocrc = fu_firmware_get_bytes (firmware, error);
 if (fw_nocrc == NULL)
 return NULL;
 
- /* this has to be aligned by DWORDs */
- fw_align = fu_common_bytes_align (fw_nocrc, sizeof(guint32), 0xff);
+ /* fuzzing, so write a header with the version */
+ if (g_bytes_get_size (fw_nocrc) < BCM_NVRAM_STAGE1_VERSION)
+ fu_byte_array_set_size (buf, BCM_NVRAM_STAGE1_VERSION + sizeof(guint32));
 
- /* add to a mutable buffer */
- buf = g_bytes_get_data (fw_align, &bufsz);
- blob = g_byte_array_sized_new (bufsz + sizeof(guint32));
- g_byte_array_append (blob, buf, bufsz);
+ /* payload */
+ fu_byte_array_append_bytes (buf, fw_nocrc);
+
+ /* update version */
+ if (!fu_common_write_uint32_safe (buf->data, buf->len, BCM_NVRAM_STAGE1_VERSION,
+ fu_firmware_get_version_raw (firmware),
+ G_BIG_ENDIAN, error))
+ return NULL;
+
+ /* align */
+ fu_byte_array_set_size (buf,
+ fu_common_align_up (g_bytes_get_size (fw_nocrc),
+ fu_firmware_get_alignment (firmware)));
 
 /* add CRC */
- crc = fu_bcm57xx_nvram_crc (buf, bufsz);
- fu_byte_array_append_uint32 (blob, crc, G_LITTLE_ENDIAN);
- return g_byte_array_free_to_bytes (g_steal_pointer (&blob));
+ crc = fu_bcm57xx_nvram_crc (buf->data, buf->len);
+ fu_byte_array_append_uint32 (buf, crc, G_LITTLE_ENDIAN);
+ return g_byte_array_free_to_bytes (g_steal_pointer (&buf));
 }
 
 static void
 fu_bcm57xx_stage1_image_init (FuBcm57xxStage1Image *self)
 {
+ fu_firmware_set_alignment (FU_FIRMWARE (self), 2);
 }
 
 static void
diff --git a/src/fuzzing/bcm57xx-stage1.bin b/src/fuzzing/bcm57xx-stage1.bin
deleted file mode 100644
index 4ae08e6d0fe941992a07451d64a983746fc6a129..0000000000000000000000000000000000000000
GIT binary patch
literal 0 HcmV?d00001 literal 16 Tcmd;M;A3V00uF{?77z^p1R(%_
diff --git a/src/fuzzing/bcm57xx.builder.xml b/src/fuzzing/bcm57xx.builder.xml
index 3fc927055..5c328a9b7 100644
--- a/src/fuzzing/bcm57xx.builder.xml
+++ b/src/fuzzing/bcm57xx.builder.xml
@@ -1,10 +1,10 @@ 1.2.3 - 7.8.9 + 0x123456 stage1 0x01 - bcm57xx-stage1.bin + aGVsbG8gd29ybGQ= stage2
diff --git a/src/fuzzing/firmware/bcm57xx.bin b/src/fuzzing/firmware/bcm57xx.bin
index 158430b40714e4d1a9ad10993b2c9cd5f349fc78..9850e321a0bea8e010c7285082e1ae0203d51abb 100644
GIT binary patch
delta 60 zcmZo@5NK!+5J{UEx{8Crf&mCv7#Ns(9v$u1+o+h$G|@nkCI8sf>gEMZ?F*O~ftYFg O0w(5!zmpFzu>b%qloOW# delta 70 zcmZo@5NK!+5J{UEx{8Crf&mCv85o#)g5JCr-l$m4B+9_Yz{d;{=3oeB0nu}u#l@QE TFtyKNVgzEQ?Q@uz6aE4KG!+n2
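Review bot: The `/* align */` step sizes the buffer from `g_bytes_get_size (fw_nocrc)` instead of `buf->len`, so in the short-payload branch (where `buf` was first grown to `BCM_NVRAM_STAGE1_VERSION + sizeof(guint32)` and the payload appended after that) the array is shrunk back to the aligned payload length before the CRC is computed, discarding the version just written and the payload itself — assuming `fu_byte_array_set_size` shrinks the array like `g_byte_array_set_size` does. Aligning the real buffer length fixes it: `fu_byte_array_set_size (buf, fu_common_align_up (buf->len, fu_firmware_get_alignment (firmware)));`. The guard in front of the resize also leaves a gap: a payload of `BCM_NVRAM_STAGE1_VERSION` to `BCM_NVRAM_STAGE1_VERSION + 3` bytes skips the resize and then fails inside `fu_common_write_uint32_safe`, so it should read `if (g_bytes_get_size (fw_nocrc) < BCM_NVRAM_STAGE1_VERSION + sizeof(guint32))`. The removed `fu_common_bytes_align` padded with `0xff`, whereas the new `fu_byte_array_set_size` fills with whatever that helper uses (presumably 0x00), which changes the bytes covered by the CRC and written to NVRAM; if that is intended, say so in the `/* align */` comment. In `fu_bcm57xx_stage1_image_init` the bare `2` passed to `fu_firmware_set_alignment` deserves a comment (or a named alignment constant, if the API has one) explaining that it restores the DWORD alignment the removed code expressed as `sizeof(guint32)`.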