[PATCH 0/2] seg fault during update

Christophe Ronco c.ronco at kerlink.fr
Tue Jan 17 08:17:40 UTC 2017


I had a seg fault during an update. Here are the traces:

/user/qmi-firmware-update --update --cdc-wdm /dev/cdc-wdm0 /user/SWI9X30C_02.20.03.00_DoCoMo/SWI9X30_02.20.03.00.cwe /user/SWI9X30C_02.20.03.00_DoCoMo/SWI9X30C_02.20.03.00_DoCoMo_001.001_000.nvu
setting firmware preference:
  firmware version: '02.20.03.00'
  config version:   '001.001_000'
  carrier:          'DOCOMO'
rebooting in download mode...
downloading cwe image: SWI9X30C_02.20.03.00.cwe (64.4 MB)...
finalizing download...
successfully downloaded in 75.33s (854.6 kB/s)
downloading cwe image: SWI9X30C_02.20.03.00_DoCoMo_001.001_000.nvu (9.0 kB)...
Segmentation fault

Backtrace of the error:
#0  0x0001cf9c in qfu_qdl_device_ufopen (self=0x1d0d218, image=<optimized out>, cancellable=cancellable at entry=0x1cfd890, 
    error=error at entry=0x7ea0d9fc) at /usr/src/debug/libqmi/1.16.2-r0/git/src/qmi-firmware-update/qfu-qdl-device.c:496
#1  0x000160f8 in run_context_step_download_image (task=0x1d00810)
    at /usr/src/debug/libqmi/1.16.2-r0/git/src/qmi-firmware-update/qfu-updater.c:311
#2  0x00017994 in run_context_step_cb (task=<optimized out>)
    at /usr/src/debug/libqmi/1.16.2-r0/git/src/qmi-firmware-update/qfu-updater.c:161
#3  0x76ac697c in ?? ()

After debugging, I found two errors:
 - the seg fault occurs because qfu_qdl_device_ufopen parses the response decoded by
send_receive even when the answer is not set
 - the CRC is not correctly checked in hdlc_unframe if there is a char to unescape

With the following patch, I was able to download the new firmware.

Christophe Ronco (2):
  qmi-firmware-update: fix seg fault in case of error in hdlc_unframe
  qmi-firmware-update: fix CRC checking

 src/qmi-firmware-update/qfu-qdl-device.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

-- 
2.11.0
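As an added illustration (not the author's patch and not libqmi's own code), the following C program shows the two checks the cover letter describes, written from scratch: a minimal HDLC unframer that verifies the CRC over the *unescaped* bytes (so an escaped 0x7e/0x7d in the payload or in the CRC itself does not break the check), and that returns an explicit error so the caller never parses a response that was not actually decoded. Assumptions not taken from the page: CRC-16/X-25 parameters (reflected polynomial 0x8408, initial 0xffff, final complement) and little-endian CRC placement, as commonly used by Qualcomm DM/QDL framing; the function names and the sample payload are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDLC_FLAG 0x7e   /* frame delimiter */
#define HDLC_ESC  0x7d   /* escape byte; next byte is XORed with HDLC_XOR */
#define HDLC_XOR  0x20

/* CRC-16/X-25 (assumption: the variant used by Qualcomm DM/QDL frames).
 * Check value for the ASCII string "123456789" is 0x906e. */
uint16_t crc16_x25(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xffff;
    size_t i;
    int b;

    for (i = 0; i < len; i++) {
        crc ^= data[i];
        for (b = 0; b < 8; b++)
            crc = (crc & 1) ? (uint16_t)((crc >> 1) ^ 0x8408) : (uint16_t)(crc >> 1);
    }
    return (uint16_t)~crc;
}

/* Append one byte, escaping flag/escape characters. Returns 0 when full. */
static int put_escaped(uint8_t c, uint8_t *out, size_t out_max, size_t *pos)
{
    if (c == HDLC_FLAG || c == HDLC_ESC) {
        if (*pos + 2 > out_max) return 0;
        out[(*pos)++] = HDLC_ESC;
        out[(*pos)++] = c ^ HDLC_XOR;
    } else {
        if (*pos + 1 > out_max) return 0;
        out[(*pos)++] = c;
    }
    return 1;
}

/* Build FLAG | escaped(payload, crc_lo, crc_hi) | FLAG.
 * Returns the frame length, or -1 if it does not fit in `out`. */
long hdlc_frame(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_max)
{
    uint16_t crc = crc16_x25(in, in_len);   /* CRC over the unescaped payload */
    size_t pos = 0, i;

    if (out_max < 1) return -1;
    out[pos++] = HDLC_FLAG;
    for (i = 0; i < in_len; i++)
        if (!put_escaped(in[i], out, out_max, &pos)) return -1;
    if (!put_escaped((uint8_t)(crc & 0xff), out, out_max, &pos)) return -1;
    if (!put_escaped((uint8_t)(crc >> 8), out, out_max, &pos)) return -1;
    if (pos + 1 > out_max) return -1;
    out[pos++] = HDLC_FLAG;
    return (long)pos;
}

/* Unescape one complete frame and verify its CRC. Returns the payload length
 * (CRC stripped), or -1 on any framing or CRC error. On -1 the contents of
 * `out` are undefined and must not be parsed by the caller. */
long hdlc_unframe(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_max)
{
    size_t i, n = 0;
    uint16_t expected, received;

    if (in_len < 2 || in[0] != HDLC_FLAG || in[in_len - 1] != HDLC_FLAG)
        return -1;

    /* Unescape first: both the length and the checksum must be taken from
     * the unescaped bytes, since the CRC bytes themselves may be escaped. */
    for (i = 1; i + 1 < in_len; i++) {
        uint8_t c = in[i];
        if (c == HDLC_FLAG)                 /* flag inside the body: truncated */
            return -1;
        if (c == HDLC_ESC) {
            if (i + 2 >= in_len)            /* escape right before closing flag */
                return -1;
            c = in[++i] ^ HDLC_XOR;
        }
        if (n >= out_max) return -1;
        out[n++] = c;
    }

    if (n < 2) return -1;                   /* no room for a CRC */
    n -= 2;
    expected = crc16_x25(out, n);
    received = (uint16_t)(out[n] | (out[n + 1] << 8));
    return expected == received ? (long)n : -1;
}

int main(void)
{
    /* Constructed payload that contains both bytes needing escape. */
    const uint8_t payload[] = { 0x7e, 0x06, 0x7d, 0x01, 0x00 };
    uint8_t frame[64], back[64];
    long flen = hdlc_frame(payload, sizeof payload, frame, sizeof frame);
    long plen;
    size_t i;

    for (i = 0; flen > 0 && i < (size_t)flen; i++) printf("%02x ", frame[i]);
    plen = hdlc_unframe(frame, (size_t)flen, back, sizeof back);
    printf("\nunframe -> %ld (expected %zu)\n", plen, sizeof payload);
    return plen == (long)sizeof payload ? 0 : 1;
}
```

The caller pattern that matters for the first bug is the `-1` path: a response is only handed to the QDL parser when `hdlc_unframe` has returned a non-negative length, so a malformed or corrupted frame from the device produces a reported error rather than a read of undecoded memory.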


