From patchwork Mon Dec 15 09:34:11 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Przemyslaw Marczak
X-Patchwork-Id: 421062
X-Patchwork-Delegate: l.majewski@samsung.com
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from theia.denx.de (theia.denx.de [85.214.87.163])
by ozlabs.org (Postfix) with ESMTP id D2D541400B7
for ;
Mon, 15 Dec 2014 20:35:07 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
by theia.denx.de (Postfix) with ESMTP id 96F864B943;
Mon, 15 Dec 2014 10:35:01 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id UNsjqRQkfq1r; Mon, 15 Dec 2014 10:35:01 +0100 (CET)
Received: from theia.denx.de (localhost [127.0.0.1])
by theia.denx.de (Postfix) with ESMTP id 188964BA33;
Mon, 15 Dec 2014 10:34:56 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by theia.denx.de (Postfix) with ESMTP id EFB064BA18
for ; Mon, 15 Dec 2014 10:34:46 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id PHSRweWD2ZaX for ;
Mon, 15 Dec 2014 10:34:46 +0100 (CET)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested)
Received: from mailout3.w1.samsung.com (mailout3.w1.samsung.com
[210.118.77.13]) by theia.denx.de (Postfix) with ESMTPS id E1D2F4BA1B
for ; Mon, 15 Dec 2014 10:34:45 +0100 (CET)
Received: from eucpsbgm1.samsung.com (unknown [203.254.199.244])
by mailout3.w1.samsung.com
(Oracle Communications Messaging Server 7u4-24.01(7.0.4.24.0) 64bit
(built Nov
17 2011)) with ESMTP id <0NGM00HIKASJZF30@mailout3.w1.samsung.com>
for u-boot@lists.denx.de; Mon, 15 Dec 2014 09:38:43 +0000 (GMT)
X-AuditID: cbfec7f4-b7f126d000001e9a-5a-548eab2f2f33
Received: from eusync1.samsung.com ( [203.254.199.211])
by eucpsbgm1.samsung.com (EUCPMTA) with SMTP id F8.D1.07834.F2BAE845;
Mon, 15 Dec 2014 09:34:39 +0000 (GMT)
Received: from AMDC1186.digital.local ([106.116.147.185])
by eusync1.samsung.com
(Oracle Communications Messaging Server 7u4-23.01(7.0.4.23.0) 64bit
(built Aug
10 2011)) with ESMTPA id <0NGM00J64ALMOV20@eusync1.samsung.com>; Mon,
15 Dec 2014 09:34:39 +0000 (GMT)
From: Przemyslaw Marczak
To: u-boot@lists.denx.de
Date: Mon, 15 Dec 2014 10:34:11 +0100
Message-id: <1418636051-31901-3-git-send-email-p.marczak@samsung.com>
X-Mailer: git-send-email 1.9.1
In-reply-to: <1418636051-31901-1-git-send-email-p.marczak@samsung.com>
References: <1418295780-27611-1-git-send-email-p.marczak@samsung.com>
<1418636051-31901-1-git-send-email-p.marczak@samsung.com>
X-Brightmail-Tracker:
H4sIAAAAAAAAA+NgFrrNJMWRmVeSWpSXmKPExsVy+t/xy7r6q/tCDG4/5LV483Azo8WbtkZG
ix2Xb7BYvN3bye7A4jFv1gkWj7N3djB69G1ZxRjAHMVlk5Kak1mWWqRvl8CVceWpQMEJrooZ
r36wNzCe4uhi5OSQEDCReL/nLQuELSZx4d56NhBbSGApo8TTRbpdjFxAdh+TxNcbp5lAEmwC
BhJ7Lp1hBrFFBCQkfvVfZQSxmQXKJTbtvw3UzMEhLBAhsfyRF0iYRUBV4tbCd0wgYV4BV4md
l0UgVslJnDw2mRXE5hRwk1h+4iw7xKpGRomr9/4zT2DkXcDIsIpRNLU0uaA4KT3XUK84Mbe4
NC9dLzk/dxMjJEC+7GBcfMzqEKMAB6MSD2/C3t4QIdbEsuLK3EOMEhzMSiK8cXP6QoR4UxIr
q1KL8uOLSnNSiw8xMnFwSjUwcrdx/tu50fen0bfgKasjlE7u5RLIqMtYrmn1OPl2+cECyY1s
WkYn0lrXSMmddT4ZzDI5f+K0nnsPw+wbbLZGbrXVXcLEZjOns+ma0c+Y6obe/C/zL0fNOvJE
S2Gr0IX/k9UCv/S0WW5INk/+P0Xvm1rHq1fhvkLfjvqbpt7cVfrGYImy2mUfJZbijERDLeai
4kQA4e99Yu4BAAA=
Cc: Marek Vasut , Przemyslaw Marczak
Subject: [U-Boot] [Patch V2 3/3] dfu: dfu_get_buf: check the value of env
dfu_bufsiz before use
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: U-Boot discussion
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Sender: u-boot-bounces@lists.denx.de
Errors-To: u-boot-bounces@lists.denx.de
In function dfu_get_buf(), the size of allocated buffer could
be defined by the env variable. The size from this variable
was passed for memalign() without checking its value.
And the the memalign will return non null pointer for size 0.
This could possibly cause data abort, so now the value of var
is checked before use. And if this variable is set to 0 then
the default size will be used.
This commit also changes the base passed to simple_strtoul()
to 0. Now decimal and hex values can be used for the variable
dfu_bufsiz.
Signed-off-by: Przemyslaw Marczak
---
Change v2:
- new patch
---
drivers/dfu/dfu.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/dfu/dfu.c b/drivers/dfu/dfu.c
index c0aba6e..49abd85 100644
--- a/drivers/dfu/dfu.c
+++ b/drivers/dfu/dfu.c
@@ -111,8 +111,12 @@ unsigned char *dfu_get_buf(struct dfu_entity *dfu)
return dfu_buf;
s = getenv("dfu_bufsiz");
- dfu_buf_size = s ? (unsigned long)simple_strtol(s, NULL, 16) :
- CONFIG_SYS_DFU_DATA_BUF_SIZE;
+ if (s)
+ dfu_buf_size = (unsigned long)simple_strtol(s, NULL, 0);
+
+ if (!s || !dfu_buf_size)
+ dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
+
if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size)
dfu_buf_size = dfu->max_buf_size;