[image] Make image data read-only to most consumers

Almost all image consumers do not need to modify the content of the image. Now that the image data is a pointer type (rather than the opaque userptr_t type), we can rely on the compiler to enforce this at build time. Change the .data field to be a const pointer, so that the compiler can verify that image consumers do not modify the image content. Provide a transparent .rwdata field for consumers who have a legitimate (and now explicit) reason to modify the image content. We do not attempt to impose any runtime restriction on checking whether or not an image is writable. The only existing instances of genuinely read-only images are the various unit test images, and it is acceptable for defective test cases to result in a segfault rather than a runtime error. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-16 09:32:33 +03:00 · 2025-04-30 14:14:51 +01:00
parent cd803ff2e2
commit 05ad7833c5
15 changed files with 45 additions and 73 deletions
--- a/src/core/fdt.c
+++ b/src/core/fdt.c
@@ -734,7 +734,7 @@ static int fdt_parse_image ( struct fdt *fdt, struct image *image ) {
 	int rc;

 	/* Parse image */
-	if ( ( rc = fdt_parse ( fdt, image->data, image->len ) ) != 0 ) {
+	if ( ( rc = fdt_parse ( fdt, image->rwdata, image->len ) ) != 0 ) {
 		DBGC ( fdt, "FDT image \"%s\" is invalid: %s\n",
 		       image->name, strerror ( rc ) );
 		return rc;