From patchwork Fri Sep 18 19:51:49 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [10/13] mtd: prevent a read from eraseregions[-1]
From: Andrew Morton <akpm@linux-foundation.org>
X-Patchwork-Id: 33888
Message-Id: <200909181951.n8IJpoN4023827@imap1.linux-foundation.org>
To: dwmw2@infradead.org
Cc: roel.kluin@gmail.com, akpm@linux-foundation.org,
 linux-mtd@lists.infradead.org
Date: Fri, 18 Sep 2009 12:51:49 -0700

From: Roel Kluin <roel.kluin@gmail.com>

If the erase region was found in the first iteration we read from
eraseregions[-1]

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

---
drivers/mtd/mtdconcat.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff -puN drivers/mtd/mtdconcat.c~mtd-prevent-a-read-from-eraseregions drivers/mtd/mtdconcat.c
--- a/drivers/mtd/mtdconcat.c~mtd-prevent-a-read-from-eraseregions
+++ a/drivers/mtd/mtdconcat.c
@@ -427,7 +427,7 @@ static int concat_erase(struct mtd_info 
 		 * to-be-erased area begins. Verify that the starting
 		 * offset is aligned to this region's erase size:
 		 */
-		if (instr->addr & (erase_regions[i].erasesize - 1))
+		if (i < 0 || instr->addr & (erase_regions[i].erasesize - 1))
 			return -EINVAL;
 
 		/*
@@ -440,8 +440,8 @@ static int concat_erase(struct mtd_info 
 		/*
 		 * check if the ending offset is aligned to this region's erase size
 		 */
-		if ((instr->addr + instr->len) & (erase_regions[i].erasesize -
-						  1))
+		if (i < 0 || ((instr->addr + instr->len) &
+					(erase_regions[i].erasesize - 1)))
 			return -EINVAL;
 	}