From patchwork Wed Nov 3 08:27:24 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brian Norris X-Patchwork-Id: 69957 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from canuck.infradead.org (canuck.infradead.org [134.117.69.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 3086DB6EDF for ; Wed, 3 Nov 2010 20:12:54 +1100 (EST) Received: from localhost ([127.0.0.1] helo=canuck.infradead.org) by canuck.infradead.org with esmtp (Exim 4.72 #1 (Red Hat Linux)) id 1PDYkD-0007rM-GF; Wed, 03 Nov 2010 08:30:57 +0000 Received: from mms1.broadcom.com ([216.31.210.17]) by canuck.infradead.org with esmtp (Exim 4.72 #1 (Red Hat Linux)) id 1PDYjt-0007lN-6o for linux-mtd@lists.infradead.org; Wed, 03 Nov 2010 08:30:38 +0000 Received: from [10.9.200.133] by mms1.broadcom.com with ESMTP (Broadcom SMTP Relay (Email Firewall v6.3.2)); Wed, 03 Nov 2010 01:30:29 -0700 X-Server-Uuid: 02CED230-5797-4B57-9875-D5D2FEE4708A Received: from mail-irva-12.broadcom.com (10.11.16.101) by IRVEXCHHUB02.corp.ad.broadcom.com (10.9.200.133) with Microsoft SMTP Server id 8.2.247.2; Wed, 3 Nov 2010 01:31:47 -0700 Received: from localhost.localdomain (ld-irv-0074.broadcom.com [10.12.160.50]) by mail-irva-12.broadcom.com (Postfix) with ESMTP id BAFD769CFC; Wed, 3 Nov 2010 01:30:14 -0700 (PDT) From: "Brian Norris" To: linux-mtd@lists.infradead.org Subject: [PATCH 07/10] mtd-utils: nandwrite: avoid NULL buffer pointers Date: Wed, 3 Nov 2010 01:27:24 -0700 Message-ID: <1288772847-8120-7-git-send-email-computersforpeace@gmail.com> X-Mailer: git-send-email 1.7.0.4 In-Reply-To: <1288772847-8120-1-git-send-email-computersforpeace@gmail.com> References: <1288772847-8120-1-git-send-email-computersforpeace@gmail.com> MIME-Version: 1.0 X-WSS-ID: 60CFC22F47850606674-01-01 X-CRM114-Version: 20090807-BlameThorstenAndJenny ( TRE 0.7.6 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20101103_043037_570701_AAB6FC8E X-CRM114-Status: GOOD ( 16.92 ) X-Spam-Score: 1.2 (+) X-Spam-Report: SpamAssassin version 3.3.1 on canuck.infradead.org summary: Content analysis details: (1.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is freemail (computersforpeace[at]gmail.com) 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list 0.0 T_TO_NO_BRKTS_FREEMAIL T_TO_NO_BRKTS_FREEMAIL Cc: Brian Norris , Jehan Bing , David Woodhouse , Mike Frysinger , Artem Bityutskiy X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Commit 07005d915d6a79dbdee14b0c4360df5058c3a98b made changes to the buffer allocation in nandwrite and did not handle all affected code areas properly. In particular, we were assigning: oob.ptr = noecc ? oobreadbuf : oobbuf; However, since oobreadbuf and oobbuf are declared dynamically, they are NULL at this point. If they aren't properly assigned later, we unwittingly are passing a NULL pointer as oob buffer. This assignment line is best moved after the buffer allocations and pointer assignment. Effects of this problem can be seen when writing oob data with the "-o" flag and without the "-n" flag: $ ./nandwrite -o /dev/mtd0 img.bin Writing data to block 0 at offset 0x0 ioctl(MEMWRITEOOB): Bad address Data was only partially written due to error : Bad address Signed-off-by: Brian Norris --- nandwrite.c | 6 ++---- 1 files changed, 2 insertions(+), 4 deletions(-) diff --git a/nandwrite.c b/nandwrite.c index b362c29..8ec5afe 100644 --- a/nandwrite.c +++ b/nandwrite.c @@ -391,7 +391,6 @@ int main(int argc, char * const argv[]) } oob.length = mtd.oob_size; - oob.ptr = noecc ? oobreadbuf : oobbuf; /* Determine if we are reading from standard input or from a file. */ if (strcmp(img, standard_input) == 0) { @@ -594,9 +593,7 @@ int main(int argc, char * const argv[]) } } - if (noecc) { - oob.ptr = oobreadbuf; - } else { + if (!noecc) { int i, start, len; int tags_pos = 0; /* @@ -630,6 +627,7 @@ int main(int argc, char * const argv[]) } /* Write OOB data first, as ecc will be placed in there */ oob.start = mtdoffset; + oob.ptr = noecc ? oobreadbuf : oobbuf; if (ioctl(fd, MEMWRITEOOB, &oob) != 0) { perror("ioctl(MEMWRITEOOB)"); goto closeall;