From patchwork Fri Sep 18 19:51:49 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 33888 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [18.85.46.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 56479B7B74 for ; Sat, 19 Sep 2009 05:59:47 +1000 (EST) Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1MojWh-0005TA-Ay; Fri, 18 Sep 2009 19:53:51 +0000 Received: from smtp1.linux-foundation.org ([140.211.169.13]) by bombadil.infradead.org with esmtps (Exim 4.69 #1 (Red Hat Linux)) id 1MojWa-0005QB-1Y; Fri, 18 Sep 2009 19:53:48 +0000 Received: from imap1.linux-foundation.org (imap1.linux-foundation.org [140.211.169.55]) by smtp1.linux-foundation.org (8.14.2/8.13.5/Debian-3ubuntu1.1) with ESMTP id n8IJpwwk008458 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 18 Sep 2009 12:52:51 -0700 Received: from localhost.localdomain (localhost [127.0.0.1]) by imap1.linux-foundation.org (8.13.5.20060308/8.13.5/Debian-3ubuntu1.1) with ESMTP id n8IJpoN4023827; Fri, 18 Sep 2009 12:51:50 -0700 Message-Id: <200909181951.n8IJpoN4023827@imap1.linux-foundation.org> Subject: [patch 10/13] mtd: prevent a read from eraseregions[-1] To: dwmw2@infradead.org From: akpm@linux-foundation.org Date: Fri, 18 Sep 2009 12:51:49 -0700 MIME-Version: 1.0 X-Spam-Status: No, hits=-3.513 required=5 tests=AWL, BAYES_00, OSDL_HEADER_SUBJECT_BRACKETED X-Spam-Checker-Version: SpamAssassin 3.2.4-osdl_revision__1.47__ X-MIMEDefang-Filter: lf$Revision: 1.188 $ X-Scanned-By: MIMEDefang 2.63 on 140.211.169.13 X-CRM114-Version: 20090807-BlameThorstenAndJenny ( TRE 0.7.5 (LGPL) ) MR-646709E3 X-CRM114-CacheID: sfid-20090918_155344_319849_A7BA4F56 X-CRM114-Status: GOOD ( 12.03 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.2.5 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- _SUMMARY_ Cc: roel.kluin@gmail.com, akpm@linux-foundation.org, linux-mtd@lists.infradead.org X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Roel Kluin If the erase region was found in the first iteration we read from eraseregions[-1] Signed-off-by: Roel Kluin Cc: David Woodhouse Signed-off-by: Andrew Morton --- drivers/mtd/mtdconcat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff -puN drivers/mtd/mtdconcat.c~mtd-prevent-a-read-from-eraseregions drivers/mtd/mtdconcat.c --- a/drivers/mtd/mtdconcat.c~mtd-prevent-a-read-from-eraseregions +++ a/drivers/mtd/mtdconcat.c @@ -427,7 +427,7 @@ static int concat_erase(struct mtd_info * to-be-erased area begins. Verify that the starting * offset is aligned to this region's erase size: */ - if (instr->addr & (erase_regions[i].erasesize - 1)) + if (i < 0 || instr->addr & (erase_regions[i].erasesize - 1)) return -EINVAL; /* @@ -440,8 +440,8 @@ static int concat_erase(struct mtd_info /* * check if the ending offset is aligned to this region's erase size */ - if ((instr->addr + instr->len) & (erase_regions[i].erasesize - - 1)) + if (i < 0 || ((instr->addr + instr->len) & + (erase_regions[i].erasesize - 1))) return -EINVAL; }