From patchwork Tue Jul 7 11:56:44 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Singh, Vimal" X-Patchwork-Id: 29526 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [18.85.46.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bilbo.ozlabs.org (Postfix) with ESMTPS id A4683B6F1F for ; Tue, 7 Jul 2009 22:02:14 +1000 (EST) Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1MO9IR-0004kR-BW; Tue, 07 Jul 2009 11:57:15 +0000 Received: from bear.ext.ti.com ([192.94.94.41]) by bombadil.infradead.org with esmtps (Exim 4.69 #1 (Red Hat Linux)) id 1MO9I3-0004hC-JY for linux-mtd@lists.infradead.org; Tue, 07 Jul 2009 11:56:59 +0000 Received: from dlep35.itg.ti.com ([157.170.170.118]) by bear.ext.ti.com (8.13.7/8.13.7) with ESMTP id n67BuiMQ007973 for ; Tue, 7 Jul 2009 06:56:49 -0500 Received: from webmail.ti.com (localhost [127.0.0.1]) by dlep35.itg.ti.com (8.13.7/8.13.7) with ESMTP id n67Bugcb015510 for ; Tue, 7 Jul 2009 06:56:43 -0500 (CDT) Received: from 192.168.10.89 (proxying for 10.24.255.18) (SquirrelMail authenticated user x0094262); by dbdmail.itg.ti.com with HTTP; Tue, 7 Jul 2009 17:26:44 +0530 (IST) Message-ID: <61715.192.168.10.89.1246967804.squirrel@dbdmail.itg.ti.com> Date: Tue, 7 Jul 2009 17:26:44 +0530 (IST) Subject: [PATCH][MTD][NAND] nand_base.c: Fixing past end of the page read, in nand_do_read_oob From: "vimal singh" To: linux-mtd@lists.infradead.org User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 X-Priority: 3 (Normal) Importance: Normal X-Spam-Score: 0.0 (/) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Check for reading past end of the page, in the function 'nand_do_read_oob', was missing. This patch fixes it. Signed-off-by: Vimal Singh --- This bug was found while testing with 'NAND test modules: oobtest' (maintained by Adrian Hunter). http://git.infradead.org/users/ahunter/nand-tests.git --- a/drivers/mtd/nand/nand_base.c 2009-07-07 15:40:35.000000000 +0530 +++ b/drivers/mtd/nand/nand_base.c 2009-07-07 15:40:51.000000000 +0530 @@ -1427,6 +1427,13 @@ static int nand_do_read_oob(struct mtd_i return -EINVAL; } + /* Do not allow read past end of page */ + if ((ops->ooboffs + ops->ooblen) > len) { + DEBUG(MTD_DEBUG_LEVEL0, "%s: Attempt to read " + "past end of page\n", __func__); + return -EINVAL; + } + /* Do not allow reads past end of device */ if (unlikely(from >= mtd->size || ops->ooboffs + readlen > ((mtd->size >> chip->page_shift) -