From patchwork Tue Jul  7 11:56:44 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [MTD, NAND] nand_base.c: Fixing past end of the page read,
 in nand_do_read_oob
Date: Tue, 07 Jul 2009 01:56:44 -0000
From: "Singh, Vimal" <vimalsingh@ti.com>
X-Patchwork-Id: 29526
Message-Id: <61715.192.168.10.89.1246967804.squirrel@dbdmail.itg.ti.com>
To: linux-mtd@lists.infradead.org

Check for reading past end of the page, in the function 'nand_do_read_oob', was
missing. This patch fixes it.

Signed-off-by: Vimal Singh <vimalsingh@ti.com>

---
This bug was found while testing with 'NAND test modules: oobtest' (maintained
by Adrian Hunter).
http://git.infradead.org/users/ahunter/nand-tests.git

--- a/drivers/mtd/nand/nand_base.c	2009-07-07 15:40:35.000000000 +0530
+++ b/drivers/mtd/nand/nand_base.c	2009-07-07 15:40:51.000000000 +0530
@@ -1427,6 +1427,13 @@ static int nand_do_read_oob(struct mtd_i
 		return -EINVAL;
 	}

+	/* Do not allow read past end of page */
+	if ((ops->ooboffs + ops->ooblen) > len) {
+		DEBUG(MTD_DEBUG_LEVEL0, "%s: Attempt to read "
+				"past end of page\n", __func__);
+		return -EINVAL;
+	}
+
 	/* Do not allow reads past end of device */
 	if (unlikely(from >= mtd->size ||
 		     ops->ooboffs + readlen > ((mtd->size >> chip->page_shift) -