Fixes use of invalid header data

Fixes a bug when MCUBOOT_VALIDATE_SLOT0 is enabled which caused the
header in Slot 1 to be used for calculating the bootstrap offset. This
bug is masked when MCUBOOT_OVERWRITE_ONLY is not enabled because both
slots have the same header size (usually!). With MCUBOOT_OVERWRITE_ONLY
Slot 1 was erased and the header size would be read as 0xffff resulting
in a jump to the wrong address.

Signed-off-by: Fabio Utzig <utzig@apache.org>

diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 0bd2cf2..77fa63e 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -1339,10 +1339,16 @@
#ifdef MCUBOOT_VALIDATE_SLOT0
if (reload_headers) {
- rc = boot_read_image_headers();
- if (rc != 0) {
- goto out;
- }
+ rc = boot_read_image_headers();
+ if (rc != 0) {
+ goto out;
+ }
+ /* Since headers were reloaded, it can be assumed we just performed a
+ * swap or overwrite. Now the header info that should be used to
+ * provide the data for the bootstrap, which previously was at Slot 1,
+ * was updated to Slot 0.
+ */
+ slot = 0;
}
rc = boot_validate_slot(0);
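
Review bot: the `slot = 0;` assignment at the end of the `if (reload_headers)` block rests on the assumption stated in the comment, that reloaded headers always mean a swap or overwrite just completed, and nothing in this hunk enforces it. Consider documenting that invariant where `reload_headers` is set, or deriving the slot from the swap outcome itself, so that a later code path setting `reload_headers` for another reason does not silently switch to Slot 0's header. Because the commit message describes an erased header size being read as 0xffff and then used for the jump, a sanity check on the header selected by `slot` before the bootstrap offset is computed would turn a repeat of this class of bug into a clean boot failure instead of a jump to the wrong address. The re-indented lines around `boot_read_image_headers()` are a whitespace-only change mixed in with the fix; splitting them into a separate commit would make the functional change easier to audit.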