Make sure we don't read past the end of a C-string in format_track_path. Second part...
[maemo-rb.git] / tools / mkboot.c
blob49d6452b4af3dafc2280f1c398be86312a2f6c36
1 /***************************************************************************
2 * __________ __ ___.
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
7 * \/ \/ \/ \/ \/
8 * $Id$
10 * Copyright (C) 2005 by Linus Nielsen Feltzing
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
18 * KIND, either express or implied.
20 ****************************************************************************/
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include "mkboot.h"
26 #ifndef RBUTIL
27 static void usage(void)
29 printf("usage: mkboot [-h300] <firmware file> <boot file> <output file>\n");
31 exit(1);
33 #endif
35 static unsigned char image[0x400000 + 0x220 + 0x400000/0x200];
37 #ifndef RBUTIL
38 int main(int argc, char *argv[])
40 char *infile, *bootfile, *outfile;
41 int origin = 0x1f0000; /* H1x0 bootloader address */
43 if(argc < 3) {
44 usage();
47 if(!strcmp(argv[1], "-h300")) {
48 infile = argv[2];
49 bootfile = argv[3];
50 outfile = argv[4];
52 origin = 0x3f0000; /* H3x0 bootloader address */
54 else
56 infile = argv[1];
57 bootfile = argv[2];
58 outfile = argv[3];
60 return mkboot(infile, bootfile, outfile, origin);
62 #endif
64 int mkboot(const char* infile, const char* bootfile, const char* outfile, int origin)
66 FILE *f;
67 int i;
68 int len;
69 int actual_length, total_length, binary_length, num_chksums;
71 memset(image, 0xff, sizeof(image));
73 /* First, read the iriver original firmware into the image */
74 f = fopen(infile, "rb");
75 if(!f) {
76 perror(infile);
77 return -1;
80 i = fread(image, 1, 16, f);
81 if(i < 16) {
82 perror(infile);
83 fclose(f);
84 return -2;
87 /* This is the length of the binary image without the scrambling
88 overhead (but including the ESTFBINR header) */
89 binary_length = image[4] + (image[5] << 8) +
90 (image[6] << 16) + (image[7] << 24);
92 /* Read the rest of the binary data, but not the checksum block */
93 len = binary_length+0x200-16;
94 i = fread(image+16, 1, len, f);
95 if(i < len) {
96 perror(infile);
97 fclose(f);
98 return -3;
101 fclose(f);
103 /* Now, read the boot loader into the image */
104 f = fopen(bootfile, "rb");
105 if(!f) {
106 perror(bootfile);
107 fclose(f);
108 return -4;
111 fseek(f, 0, SEEK_END);
112 len = ftell(f);
114 fseek(f, 0, SEEK_SET);
116 i = fread(image+0x220 + origin, 1, len, f);
117 if(i < len) {
118 perror(bootfile);
119 fclose(f);
120 return -5;
123 fclose(f);
125 f = fopen(outfile, "wb");
126 if(!f) {
127 perror(outfile);
128 return -6;
131 /* Patch the reset vector to start the boot loader */
132 image[0x220 + 4] = image[origin + 0x220 + 4];
133 image[0x220 + 5] = image[origin + 0x220 + 5];
134 image[0x220 + 6] = image[origin + 0x220 + 6];
135 image[0x220 + 7] = image[origin + 0x220 + 7];
137 /* This is the actual length of the binary, excluding all headers */
138 actual_length = origin + len;
140 /* Patch the ESTFBINR header */
141 image[0x20c] = (actual_length >> 24) & 0xff;
142 image[0x20d] = (actual_length >> 16) & 0xff;
143 image[0x20e] = (actual_length >> 8) & 0xff;
144 image[0x20f] = actual_length & 0xff;
146 image[0x21c] = (actual_length >> 24) & 0xff;
147 image[0x21d] = (actual_length >> 16) & 0xff;
148 image[0x21e] = (actual_length >> 8) & 0xff;
149 image[0x21f] = actual_length & 0xff;
151 /* This is the length of the binary, including the ESTFBINR header and
152 rounded up to the nearest 0x200 boundary */
153 binary_length = (actual_length + 0x20 + 0x1ff) & 0xfffffe00;
155 /* The number of checksums, i.e number of 0x200 byte blocks */
156 num_chksums = binary_length / 0x200;
158 /* The total file length, including all headers and checksums */
159 total_length = binary_length + num_chksums + 0x200;
161 /* Patch the scrambler header with the new length info */
162 image[0] = total_length & 0xff;
163 image[1] = (total_length >> 8) & 0xff;
164 image[2] = (total_length >> 16) & 0xff;
165 image[3] = (total_length >> 24) & 0xff;
167 image[4] = binary_length & 0xff;
168 image[5] = (binary_length >> 8) & 0xff;
169 image[6] = (binary_length >> 16) & 0xff;
170 image[7] = (binary_length >> 24) & 0xff;
172 image[8] = num_chksums & 0xff;
173 image[9] = (num_chksums >> 8) & 0xff;
174 image[10] = (num_chksums >> 16) & 0xff;
175 image[11] = (num_chksums >> 24) & 0xff;
177 i = fwrite(image, 1, total_length, f);
178 if(i < total_length) {
179 perror(outfile);
180 fclose(f);
181 return -7;
184 printf("Wrote 0x%x bytes in %s\n", total_length, outfile);
186 fclose(f);
188 return 0;