From patchwork Sun Aug 9 09:35:36 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: roel kluin X-Patchwork-Id: 31013 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [18.85.46.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bilbo.ozlabs.org (Postfix) with ESMTPS id 2F531B7B6F for ; Sun, 9 Aug 2009 19:33:57 +1000 (EST) Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1Ma4ky-0005PJ-NM; Sun, 09 Aug 2009 09:32:00 +0000 Received: from mail-ew0-f211.google.com ([209.85.219.211]) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1Ma4ks-0005P1-G6 for linux-mtd@lists.infradead.org; Sun, 09 Aug 2009 09:31:58 +0000 Received: by ewy7 with SMTP id 7so2088885ewy.18 for ; Sun, 09 Aug 2009 02:31:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=lBLaRA8Sb2M56UHoZwqZv9g96U0SrXG4IvJiExx4dec=; b=kfP5jWj6NEuxUNpOKVUxselD+z8JkHVrUWWi+epxSRzWIq3rPsouxLKulYULsev4wt PAnsfK3q/P6e/HBjiu51JTwm1plRyuVQxyPCSRr2BjwDprxTzN/lCiWx/8b9RThd2vNI gMRsk17uLYtZFTVuhJeSs0w7JMo7hqpHmECGQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=sGjm9aOn4y1KUbolUep7SmlnhavhJZxAmTinBZQ119Mt+NIUVGUbOXa0iwiRz2MS+Q uhyubwRbDGlFMiNW5Rozw8xXGyVxRpAbhOFdF2NTqZIkrQBeexasKpKssWMdORbrgRPA CB1HCt4uJcnXvlY2MBVOe+bU6I9Na3eYdyEHY= Received: by 10.210.54.19 with SMTP id c19mr1633479eba.8.1249810312989; Sun, 09 Aug 2009 02:31:52 -0700 (PDT) Received: from zoinx.mars (d133062.upc-d.chello.nl [213.46.133.62]) by mx.google.com with ESMTPS id 5sm7980730eyf.58.2009.08.09.02.31.52 (version=SSLv3 cipher=RC4-MD5); Sun, 09 Aug 2009 02:31:52 -0700 (PDT) Message-ID: <4A7E9868.6070505@gmail.com> Date: Sun, 09 Aug 2009 11:35:36 +0200 From: Roel Kluin User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Thunderbird/3.0b2 MIME-Version: 1.0 To: David Woodhouse , linux-mtd@lists.infradead.org, Andrew Morton Subject: [PATCH] MTD: Prevent a read from eraseregions[-1] X-Spam-Score: 0.0 (/) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org If the erase region was found in the first iteration we read from eraseregions[-1] Signed-off-by: Roel Kluin diff --git a/drivers/mtd/mtdconcat.c b/drivers/mtd/mtdconcat.c index 792b547..db6de74 100644 --- a/drivers/mtd/mtdconcat.c +++ b/drivers/mtd/mtdconcat.c @@ -427,7 +427,7 @@ static int concat_erase(struct mtd_info *mtd, struct erase_info *instr) * to-be-erased area begins. Verify that the starting * offset is aligned to this region's erase size: */ - if (instr->addr & (erase_regions[i].erasesize - 1)) + if (i < 0 || instr->addr & (erase_regions[i].erasesize - 1)) return -EINVAL; /* @@ -440,8 +440,8 @@ static int concat_erase(struct mtd_info *mtd, struct erase_info *instr) /* * check if the ending offset is aligned to this region's erase size */ - if ((instr->addr + instr->len) & (erase_regions[i].erasesize - - 1)) + if (i < 0 || ((instr->addr + instr->len) & + (erase_regions[i].erasesize - 1))) return -EINVAL; }