From 2f03f34877b9321ee1949cbaf70c0297a1635734 Mon Sep 17 00:00:00 2001
From: Jacob Alexander
Date: Sat, 23 Jul 2016 17:50:59 -0700
Subject: [PATCH] Adding DFU check to validate that we aren't trying to flash too far

- Add _app_rom_end address location that points to the end of flash
- Check when flashing each page whether the end of the page exceeds the end of the flash
---
 Bootloader/main.c | 8 +++++++-
 Lib/mk20dx128vlf5.bootloader.ld | 12 +++++++-----
 Lib/mk20dx128vlf5.ld | 8 ++++++--
 Lib/mk20dx256vlh7.bootloader.ld | 13 +++++++------
 Lib/mk20dx256vlh7.ld | 8 ++++++--
 5 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/Bootloader/main.c b/Bootloader/main.c
index aabaeeb..f942991 100644
--- a/Bootloader/main.c
+++ b/Bootloader/main.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2011,2012 Simon Schubert <2@0x2c.org>.
- * Modifications by Jacob Alexander 2014-2015
+ * Modifications by Jacob Alexander 2014-2016
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -141,9 +141,15 @@ static enum dfu_status setup_write( size_t off, size_t len, void **buf )
 static enum dfu_status finish_write( void *buf, size_t off, size_t len )
 {
 void *target;
+
+ // If nothing left to flash, this is still ok
 if ( len == 0 )
 return (DFU_STATUS_OK);
 
+ // If the binary is larger than the internal flash, error
+ if ( off + (uintptr_t)&_app_rom + len > (uintptr_t)&_app_rom_end )
+ return (DFU_STATUS_errADDRESS);
+
 target = flash_get_staging_area( off + (uintptr_t)&_app_rom, USB_DFU_TRANSFER_SIZE );
 if ( !target )
 return (DFU_STATUS_errADDRESS);
diff --git a/Lib/mk20dx128vlf5.bootloader.ld b/Lib/mk20dx128vlf5.bootloader.ld
index 3e663d7..179b594 100644
--- a/Lib/mk20dx128vlf5.bootloader.ld
+++ b/Lib/mk20dx128vlf5.bootloader.ld
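Review bot: The new bound check in finish_write (Bootloader/main.c) adds `off`, the base address and `len` before comparing, so the sum can wrap around `uintptr_t` and a wrapped value passes the test; the same `off + (uintptr_t)&_app_rom` expression is then handed to flash_get_staging_area. Comparing against the remaining space avoids the addition: `size_t app_len = (uintptr_t)&_app_rom_end - (uintptr_t)&_app_rom;` followed by `if ( off > app_len || len > app_len - off )`. Whether `off` can reach such values depends on how the DFU layer derives it, which is outside this hunk. The check bounds `len`, while the staging call below it still requests USB_DFU_TRANSFER_SIZE, so a short final block near the end of flash presumably relies on flash_get_staging_area to reject the overrun. The body of finish_write continues past the end of the hunk.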
@@ -1,7 +1,7 @@
 /* Teensyduino Core Library
 * http://www.pjrc.com/teensy/
 * Copyright (c) 2013 PJRC.COM, LLC.
- * Modifications by Jacob Alexander 2014 for use with McHCK
+ * Modifications by Jacob Alexander 2014,2016 for use with McHCK
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
@@ -31,13 +31,15 @@
 
 MEMORY
 {
- FLASH (rx) : ORIGIN = 0x0, LENGTH = 128K
- FLASH_APP (rx) : ORIGIN = 4K, LENGTH = 128K-4K
- RAM (rwx) : ORIGIN = 0x20000000 - 16K / 2, LENGTH = 16K
+ FLASH (rx) : ORIGIN = 0x0, LENGTH = 128K
+ FLASH_APP (rx) : ORIGIN = 4K, LENGTH = 128K - 4K
+ RAM (rwx) : ORIGIN = 0x20000000 - 16K / 2, LENGTH = 16K
 }
 
 /* Starting Address of the application ROM */
-_app_rom = ORIGIN( FLASH_APP );
+_bootloader = ORIGIN( FLASH );
+_app_rom = ORIGIN( FLASH_APP );
+_app_rom_end = ORIGIN( FLASH ) + LENGTH( FLASH );
 
 FlexRAM = 0x14000000;
 FTFL = 0x40020000;
diff --git a/Lib/mk20dx128vlf5.ld b/Lib/mk20dx128vlf5.ld
index 4ab5626..5e20c69 100644
--- a/Lib/mk20dx128vlf5.ld
+++ b/Lib/mk20dx128vlf5.ld
@@ -1,7 +1,7 @@
 /* Teensyduino Core Library
 * http://www.pjrc.com/teensy/
 * Copyright (c) 2013 PJRC.COM, LLC.
- * Modifications by Jacob Alexander 2014 for use with McHCK
+ * Modifications by Jacob Alexander 2014,2016 for use with McHCK
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
@@ -31,10 +31,14 @@
 
 MEMORY
 {
- FLASH (rx) : ORIGIN = 4K, LENGTH = 128K-4K
+ FLASH (rx) : ORIGIN = 4K, LENGTH = 128K - 4K
 RAM (rwx) : ORIGIN = 0x20000000 - 16K / 2, LENGTH = 16K
 }
 
+/* Starting Address of the application ROM */
+_app_rom = ORIGIN( FLASH );
+_app_rom_end = ORIGIN( FLASH ) + LENGTH( FLASH );
+
 /* Section Definitions */
 SECTIONS
 {
diff --git a/Lib/mk20dx256vlh7.bootloader.ld b/Lib/mk20dx256vlh7.bootloader.ld
index ade94ea..f453b1f 100644
--- a/Lib/mk20dx256vlh7.bootloader.ld
+++ b/Lib/mk20dx256vlh7.bootloader.ld
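Review bot: In Lib/mk20dx128vlf5.bootloader.ld the comment `/* Starting Address of the application ROM */` now heads three symbols, one of which is the end bound that the bootloader's write check depends on; the same comment is kept or added in the other three linker scripts of this patch. A comment such as `/* Application ROM bounds: _app_rom is the first byte, _app_rom_end is one past the last byte of flash */` would record that the end is exclusive, which matches the `>` comparison in finish_write. In the two bootloader scripts `_app_rom_end` is built from FLASH rather than FLASH_APP; the values coincide with the layouts shown, but `ORIGIN( FLASH_APP ) + LENGTH( FLASH_APP )` would keep the bound tied to the application region if the memory map changes.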
@@ -1,7 +1,7 @@
 /* Teensyduino Core Library
 * http://www.pjrc.com/teensy/
 * Copyright (c) 2013 PJRC.COM, LLC.
- * Modifications by Jacob Alexander 2014-2015 for use with McHCK and Kiibohd-dfu
+ * Modifications by Jacob Alexander 2014-2016 for use with McHCK and Kiibohd-dfu
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
@@ -31,14 +31,15 @@
 
 MEMORY
 {
- FLASH (rx) : ORIGIN = 0x0, LENGTH = 256K
- FLASH_APP (rx) : ORIGIN = 8K, LENGTH = 256K-8K
- RAM (rwx) : ORIGIN = 0x20000000 - 64K / 2, LENGTH = 64K
+ FLASH (rx) : ORIGIN = 0x0, LENGTH = 256K
+ FLASH_APP (rx) : ORIGIN = 8K, LENGTH = 256K - 8K
+ RAM (rwx) : ORIGIN = 0x20000000 - 64K / 2, LENGTH = 64K
 }
 
 /* Starting Address of the application ROM */
-_bootloader = ORIGIN( FLASH );
-_app_rom = ORIGIN( FLASH_APP );
+_bootloader = ORIGIN( FLASH );
+_app_rom = ORIGIN( FLASH_APP );
+_app_rom_end = ORIGIN( FLASH ) + LENGTH( FLASH );
 
 FlexRAM = 0x14000000;
 FTFL = 0x40020000;
diff --git a/Lib/mk20dx256vlh7.ld b/Lib/mk20dx256vlh7.ld
index 315baee..d77b427 100644
--- a/Lib/mk20dx256vlh7.ld
+++ b/Lib/mk20dx256vlh7.ld
@@ -1,7 +1,7 @@
 /* Teensyduino Core Library
 * http://www.pjrc.com/teensy/
 * Copyright (c) 2013 PJRC.COM, LLC.
- * Modifications by Jacob Alexander 2014-2015 for use with McHCK and Kiibohd-dfu
+ * Modifications by Jacob Alexander 2014-2016 for use with McHCK and Kiibohd-dfu
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
@@ -31,10 +31,14 @@
 
 MEMORY
 {
- FLASH (rx) : ORIGIN = 8K, LENGTH = 256K-8K
+ FLASH (rx) : ORIGIN = 8K, LENGTH = 256K - 8K
 RAM (rwx) : ORIGIN = 0x20000000 - 64K / 2, LENGTH = 64K
 }
 
+/* Starting Address of the application ROM */
+_app_rom = ORIGIN( FLASH );
+_app_rom_end = ORIGIN( FLASH ) + LENGTH( FLASH );
+
 /* Section Definitions */
 SECTIONS
 {