From: Nikita V. Youshchenko <yoush@cs.msu.su>
Date: Thu, 2 Oct 2008 20:03:55 +0000 (+0400)
Subject: fsl_diu: fix alignment error that caused malloc corruption
X-Git-Tag: v2025.01-rc5-pxa1908~21786^2~18
X-Git-Url: http://git.dujemihanovic.xyz/html/static/git-logo.png?a=commitdiff_plain;h=ec4d8c1c1d94a790c1473ae8aace282b817c3123;p=u-boot.git

fsl_diu: fix alignment error that caused malloc corruption

When aligning malloc()ed screen_base, invalid offset was added.
This not only caused misaligned result (which did not cause hardware
misbehaviour), but - worse - caused screen_base + smem_len to
be out of malloc()ed space, which in turn caused breakage of
futher malloc()/free() operation.

This patch fixes screen_base alignment.

Also this patch makes memset() that cleans framebuffer to be executed
on first initialization of diu, not only on re-initialization. It looks
correct to clean the framebuffer instead of displaying random garbage;
I believe that was disabled only because that memset caused breakage
of malloc/free described above - which no longer happens with the fix
described above.

Signed-off-by: Nikita V. Youshchenko <yoush@debian.org>
---

diff --git a/board/freescale/common/fsl_diu_fb.c b/board/freescale/common/fsl_diu_fb.c
index 75f782e9da..4d4b0a1460 100644
--- a/board/freescale/common/fsl_diu_fb.c
+++ b/board/freescale/common/fsl_diu_fb.c
@@ -242,10 +242,10 @@ int fsl_diu_init(int xres,
 			printf("Unable to allocate fb memory 1\n");
 			return -1;
 		}
-	} else {
-		memset(info->screen_base, 0, info->smem_len);
 	}
 
+	memset(info->screen_base, 0, info->smem_len);
+
 	dr.diu_reg->desc[0] = (unsigned int) &dummy_ad;
 	dr.diu_reg->desc[1] = (unsigned int) &dummy_ad;
 	dr.diu_reg->desc[2] = (unsigned int) &dummy_ad;
@@ -403,7 +403,7 @@ static int map_video_memory(struct fb_info *info, unsigned long bytes_align)
 	mask = bytes_align - 1;
 	offset = (unsigned long)info->screen_base & mask;
 	if (offset) {
-		info->screen_base += offset;
+		info->screen_base += (bytes_align - offset);
 		info->smem_len = info->smem_len - (bytes_align - offset);
 	} else
 		info->smem_len = info->smem_len - bytes_align;