esp_rom: remove functions which depend on sizeof(struct stat)

...and all their callers. With the upcoming switch from sizeof(time_t)==4 to sizeof(time_t)==8, sizeof(struct stat) is also increasing. A few newlib functions present in ROM allocate 'struct stat' on the stack and call _fstat_r on this structure. The implementation of fstat is provided in ESP-IDF. This implementation will often do memset(st, 0, sizeof(*st)), where st is 'struct stat*', before setting some fields of this structure. If IDF is built with sizeof(st) different from sizeof(st) which ROM was built with, this will lead to an out-of-bounds write and a stack corruption. This commit removes problematic ROM functions from the linker script. Here are the functions which allocate 'struct stat': * _isatty_r (in ROM) * __swhatbuf_r, called by __smakebuf_r, called by __swsetup_r and __srefill_r (in ROM) * _fseeko_r (not in ROM) * glob2 (not in ROM) * _gettemp (not in ROM) As a result, these functions are used from libc.a, and use correct size of 'stat' structure. Closes https://github.com/espressif/esp-idf/issues/7980
2025-09-25 01:37:22 +00:00 · 2022-01-06 15:20:04 +01:00
parent 5d47efb72d
commit 24c20d188e
12 changed files with 103 additions and 48 deletions
--- a/components/esp_rom/esp32/ld/esp32.rom.newlib-funcs.ld
+++ b/components/esp_rom/esp32/ld/esp32.rom.newlib-funcs.ld
@@ -43,7 +43,6 @@ _getenv_r = 0x40001fbc;
 isalnum = 0x40000f04;
 isalpha = 0x40000f18;
 isascii = 0x4000c20c;
-_isatty_r = 0x40000ea0;
 isblank = 0x40000f2c;
 iscntrl = 0x40000f50;
 isdigit = 0x40000f64;
@@ -77,14 +76,11 @@ __sfmoreglue = 0x40001dc8;
 __sfp = 0x40001e90;
 __sfp_lock_acquire = 0x40001e08;
 __sfp_lock_release = 0x40001e14;
-__sfvwrite_r = 0x4005893c;
 __sinit = 0x40001e38;
 __sinit_lock_acquire = 0x40001e20;
 __sinit_lock_release = 0x40001e2c;
-__smakebuf_r = 0x40059108;
 srand = 0x40001004;
 __sread = 0x40001118;
-__srefill_r = 0x400593d4;
 __sseek = 0x40001184;
 strcasecmp = 0x400011cc;
 strcasestr = 0x40001210;
@@ -122,7 +118,6 @@ __submore = 0x40058f3c;
 __swbuf = 0x40058cb4;
 __swbuf_r = 0x40058bec;
 __swrite = 0x40001150;
-__swsetup_r = 0x40058cc8;
 toascii = 0x4000c720;
 tolower = 0x40001868;
 toupper = 0x40001884;
--- a/components/esp_rom/esp32/ld/esp32.rom.newlib-time.ld
+++ b/components/esp_rom/esp32/ld/esp32.rom.newlib-time.ld
@@ -27,3 +27,12 @@ _timezone = 0x3ffae0a0;
 _tzname = 0x3ffae030;
 _daylight = 0x3ffae0a4;
 __month_lengths = 0x3ff9609c;
+
+/* These functions don't use time_t, but use other structures which include time_t.
+ * For example, 'struct stat' contains time_t.
+ */
+_isatty_r = 0x40000ea0;
+__sfvwrite_r = 0x4005893c;
+__smakebuf_r = 0x40059108;
+__srefill_r = 0x400593d4;
+__swsetup_r = 0x40058cc8;