
Serial recovery with image state has null pointer usage

Open nordicjm opened this issue 6 months ago • 4 comments

Commit d00b11dc234caee267eb12376e2279ed57c35d5d has introduced a regression: it added use of the state to the maximum image size function, but in serial recovery mode this variable is NULL, which then causes a null pointer reference and undefined operation in swap using scratch, swap using move and swap using offset modes.

nordicjm avatar Jun 10 '25 14:06 nordicjm

@taltenbach

nordicjm avatar Jun 10 '25 14:06 nordicjm

this is also broken in zephyr's v3.7 branch

nordicjm avatar Jun 10 '25 14:06 nordicjm

Sorry for the regression, I wasn't expecting bootutil_img_validate to be called somewhere with a null state. At first sight, I think the proper solution would be to initialize a state (at least partially) in boot_serial. This seems to be already made in some places. @nordicjm Are you already working on the issue? If not, I will try to create a PR in the coming week.

taltenbach avatar Jun 15 '25 20:06 taltenbach
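To make the failure mode and the fix direction discussed above concrete, here is an added illustration in C. It is not mcuboot's code: the struct layout, the `SWAP_USING_*` modes, the "one sector reserved" rule and every function name are assumptions chosen for the toy model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a loader state (assumption, not
 * the real mcuboot struct). */
enum swap_mode { SWAP_USING_SCRATCH, SWAP_USING_MOVE, SWAP_USING_OFFSET };

struct slot_info { uint32_t size; uint32_t sector_size; };

struct loader_state {
    enum swap_mode mode;
    struct slot_info primary;
};

/* "Before": dereferences its argument unconditionally. A caller that never
 * built a state (the serial-recovery path in the report) hands it NULL, and
 * the very first read is undefined behaviour. */
static uint32_t max_image_size_unchecked(const struct loader_state *st)
{
    uint32_t limit = st->primary.size;
    if (st->mode != SWAP_USING_SCRATCH) {
        limit -= st->primary.sector_size; /* toy rule: keep one sector free */
    }
    return limit;
}

/* "After": a missing or inconsistent state is an explicit error, not a
 * guess; the caller decides how to recover. */
static bool max_image_size_checked(const struct loader_state *st, uint32_t *out)
{
    if (st == NULL || out == NULL || st->primary.sector_size > st->primary.size) {
        return false;
    }
    *out = st->primary.size;
    if (st->mode != SWAP_USING_SCRATCH) {
        *out -= st->primary.sector_size;
    }
    return true;
}

/* The other half of the fix direction from the thread: the recovery path
 * builds at least a partial state before calling into validation. */
static uint32_t serial_max_image_size(enum swap_mode mode, uint32_t slot_size,
                                      uint32_t sector_size)
{
    struct loader_state st;
    uint32_t out = 0;
    memset(&st, 0, sizeof(st));             /* zeroed: no stale fields */
    st.mode = mode;
    st.primary.size = slot_size;
    st.primary.sector_size = sector_size;
    return max_image_size_checked(&st, &out) ? out : 0; /* 0 == refused */
}
```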

> @nordicjm Are you already working on the issue? If not, I will try to create a PR in the coming week.

I am not.

nordicjm avatar Jun 16 '25 07:06 nordicjm