| Submitter | Gerlando Falauto |
|---|---|
| Date | April 3, 2012, 2:34 p.m. |
| Message ID | <1333463653-31311-1-git-send-email-gerlando.falauto@keymile.com> |
| Download | mbox | patch |
| Permalink | /patch/150455/ |
| State | Accepted |
| Delegated to: | Mike Frysinger |
| Headers | show |
Comments
On Tue, Apr 3, 2012 at 07:34, Gerlando Falauto wrote: > SPI flash operations inadvertently stretching beyond the flash size will > result in a wraparound. This may be particularly dangerous when burning > u-boot, because the flash contents will be corrupted rendering the board > unusable, without any warning being issued. > So add a consistency checking so not to overflow past the flash size. looks OK to me. i'll test it locally and merge it into my SF branch. cheers! -mike
Patch
diff --git a/common/cmd_sf.c b/common/cmd_sf.c index 9c76464..3cfedde 100644 --- a/common/cmd_sf.c +++ b/common/cmd_sf.c @@ -211,6 +211,13 @@ static int do_spi_flash_read_write(int argc, char * const argv[]) if (*argv[3] == 0 || *endp != 0) return -1; + /* Consistency checking */ + if (offset + len > flash->size) { + printf("ERROR: Attempting SPI flash %s past flash size (0x%x)\n", + argv[0], flash->size); + return 1; + } + buf = map_physmem(addr, len, MAP_WRBACK); if (!buf) { puts("Failed to map physical memory\n"); @@ -252,6 +259,13 @@ static int do_spi_flash_erase(int argc, char * const argv[]) if (ret != 1) return -1; + /* Consistency checking */ + if (offset + len > flash->size) { + printf("ERROR: Attempting SPI flash %s past flash size (0x%x)\n", + argv[0], flash->size); + return 1; + } + ret = spi_flash_erase(flash, offset, len); if (ret) { printf("SPI flash %s failed\n", argv[0]);
SPI flash operations inadvertently stretching beyond the flash size will result in a wraparound. This may be particularly dangerous when burning u-boot, because the flash contents will be corrupted rendering the board unusable, without any warning being issued. So add a consistency checking so not to overflow past the flash size. Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com> Cc: Valentin Longchamp <valentin.longchamp@keymile.com> Cc: Holger Brunck <holger.brunck@keymile.com> --- common/cmd_sf.c | 14 ++++++++++++++ 1 files changed, 14 insertions(+), 0 deletions(-)