Adding new cameras, applying patches into trunk (with source code prepared) - page 166 - General Discussion and Assistance - CHDK Forum supplierdeeply

Adding new cameras, applying patches into trunk (with source code prepared)

  • 1657 Replies
  • 592004 Views
*

Offline Ant

  • ****
  • 490
Advertisements
I noticed the included strub_entry_2.s did not exactly match the output I got rebuilding stubs in the current trunk.

Do you mean difference with other firmware versions?

*

Offline reyalp

  • ******
  • 13288
Do you mean difference with other firmware versions?
I meant between the stubs_entry.S included in your patch, and what I generated rebuilding stubs for the 121a firmware using the current trunk source.

edit: diff
« Last Edit: 29 / April / 2021, 17:25:42 by reyalp »
Don't forget what the H stands for.

*

Offline Ant

  • ****
  • 490
stubs_entry.S was generated a week ago using finsig_thumb2 which was built a week ago...

*

Offline reyalp

  • ******
  • 13288
stubs_entry.S was generated a week ago using finsig_thumb2 which was built a week ago...
The differences aren't in the found sigs (funcs_by*.csv are identical) but in the modemap and sigs that are set in stubs_entry_2.s.
Don't forget what the H stands for.


*

Offline Ant

  • ****
  • 490
Maybe this is because stubs_entry.S was generated not in "\platform\m3\sub\121a\" directory?

*

Offline SX720

  • *
  • 43
I'd suggest that this patch: https://sources.debian.org/patches/lua5.1/5.1.5-8.1/0004-Fix-stack-overflow-in-vararg-functions.patch/

get applied.

It fixes a security problem with Lua. A more detailed explanation is here: http://www.lua.org/bugs.html#5.2.2-1

You can apply it like so:

Code: [Select]
cd trunk/lib/lua
wget 'https://sources.debian.org/data/main/l/lua5.1/5.1.5-8.1/debian/patches/0004-Fix-stack-overflow-in-vararg-functions.patch'
patch -p2 < 0004-Fix-stack-overflow-in-vararg-functions.patch

*

Offline reyalp

  • ******
  • 13288
It fixes a security problem with Lua. A more detailed explanation is here: http://www.lua.org/bugs.html#5.2.2-1
As far as security goes, using a stack overflow when poke() is right there would seem to be making things hard on oneself ;)

That said, it sounds like it could crash in other legitimate code, so probably worth applying. Thanks for pointing it out.

edit:
I've checked this in on the trunk (r5979), as well as https://www.lua.org/bugs.html#5.1.5-2 (r5980). The latter makes CHDK Lua effectively 5.1.5
I'll merge them back to the stable branch a bit later after I've had time to test a few more scripts.

For both, I verified the existing CHDK code showed the error in the test case, and the patch resolved it.
« Last Edit: 03 / July / 2021, 20:07:07 by reyalp »
Don't forget what the H stands for.

*

Offline SX720

  • *
  • 43
Thank you for getting this merged. I see what you mean about the poke function. I still think it's a good chance because as you've mentioned legitimate scripts could crash the camera. This helps because I was wondering what version of Lua I should target when writing scripts. Now I know.


 

Related Topics