cmd_sf: add size checking to spi flash commands

SPI flash operations inadvertently stretching beyond the flash size will result in a wraparound. This may be particularly dangerous when burning u-boot, because the flash contents will be corrupted rendering the board unusable, without any warning being issued. So add a consistency checking so not to overflow past the flash size. Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2012-04-03 04:34:13 +00:00 · 2012-04-03 04:34:13 +00:00 · 864939949e
parent 41e1713425
commit 864939949e
1 changed files with 14 additions and 0 deletions
--- a/common/cmd_sf.c
+++ b/common/cmd_sf.c
@ -211,6 +211,13 @@ static int do_spi_flash_read_write(int argc, char * const argv[])
 	if (*argv[3] == 0 || *endp != 0)
 		return -1;

+	/* Consistency checking */
+	if (offset + len > flash->size) {
+		printf("ERROR: attempting %s past flash size (%#x)\n",
+			argv[0], flash->size);
+		return 1;
+	}
+
 	buf = map_physmem(addr, len, MAP_WRBACK);
 	if (!buf) {
 		puts("Failed to map physical memory\n");
@ -252,6 +259,13 @@ static int do_spi_flash_erase(int argc, char * const argv[])
 	if (ret != 1)
 		return -1;

+	/* Consistency checking */
+	if (offset + len > flash->size) {
+		printf("ERROR: attempting %s past flash size (%#x)\n",
+			argv[0], flash->size);
+		return 1;
+	}
+
 	ret = spi_flash_erase(flash, offset, len);
 	if (ret) {
 		printf("SPI flash %s failed\n", argv[0]);