V3s_Allwinner
/
uboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

cmd_sf: add size checking to spi flash commands 

SPI flash operations inadvertently stretching beyond the flash size will
result in a wraparound. This may be particularly dangerous when burning
u-boot, because the flash contents will be corrupted rendering the board
unusable, without any warning being issued.
So add a consistency checking so not to overflow past the flash size.

Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This commit is contained in:
Gerlando Falauto 2012-04-03 04:34:13 +00:00 committed by Mike Frysinger
parent 41e1713425
commit 864939949e
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
common/cmd_sf.c
View File

@ -211,6 +211,13 @@ static int do_spi_flash_read_write(int argc, char * const argv[])
if (*argv[3] == 0 || *endp != 0) if (*argv[3] == 0 || *endp != 0)
return -1; return -1;
/* Consistency checking */
if (offset + len > flash->size) {
printf("ERROR: attempting %s past flash size (%#x)\n",
argv[0], flash->size);
return 1;
}
buf = map_physmem(addr, len, MAP_WRBACK); buf = map_physmem(addr, len, MAP_WRBACK);
if (!buf) { if (!buf) {
puts("Failed to map physical memory\n"); puts("Failed to map physical memory\n");
@ -252,6 +259,13 @@ static int do_spi_flash_erase(int argc, char * const argv[])
if (ret != 1) if (ret != 1)
return -1; return -1;
/* Consistency checking */
if (offset + len > flash->size) {
printf("ERROR: attempting %s past flash size (%#x)\n",
argv[0], flash->size);
return 1;
}
ret = spi_flash_erase(flash, offset, len); ret = spi_flash_erase(flash, offset, len);
if (ret) { if (ret) {
printf("SPI flash %s failed\n", argv[0]); printf("SPI flash %s failed\n", argv[0]);