Eric Lee / smarc-uboot

Download as
Browse Code ยป

Commit 24f48416dfe1d827dcf759d6cd0e7a8e5c67e321

Authored by Heinrich Schuchardt
Committed by Tom Rini
1 parent 254eedee7f
Exists in smarc_8mq_lf_v2020.04 and in 17 other branches 8qm-imx_v2020.04_5.4.70_2.3.0, emb_lf_v2022.04, pitx_8mp_lf_v2020.04, smarc-8m-android-10.0.0_2.6.0, smarc-8m-android-11.0.0_2.0.0, smarc-8mp-android-11.0.0_2.0.0, smarc-imx6_v2018.03_4.14.98_2.0.0_ga, smarc-imx7_v2018.03_4.14.98_2.0.0_ga, smarc-imx_v2018.03_4.14.78_1.0.0_ga, smarc_8m-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8m-imx_v2019.04_4.19.35_1.1.0, smarc_8m_00d0-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8mm-imx_v2019.04_4.19.35_1.1.0, smarc_8mm-imx_v2020.04_5.4.24_2.1.0, smarc_8mp_lf_v2020.04, smarc_8mq-imx_v2020.04_5.4.24_2.1.0

fs: avoid possible NULL dereference in fs_devread 

It is unwise to first dereference a variable
and then to check if it was NULL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Marek Behun <marek.behun@nic.cz>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Showing 1 changed file with 2 additions and 1 deletions Inline Diff

1 /* 1 /*
2 * 2017 by Marek Behun <marek.behun@nic.cz> 2 * 2017 by Marek Behun <marek.behun@nic.cz>
3 * 3 *
4 * Derived from code in ext4/dev.c, which was based on reiserfs/dev.c 4 * Derived from code in ext4/dev.c, which was based on reiserfs/dev.c
5 * 5 *
6 * SPDX-License-Identifier: GPL-2.0 6 * SPDX-License-Identifier: GPL-2.0
7 */ 7 */
8 8
9 #include <common.h> 9 #include <common.h>
10 #include <compiler.h> 10 #include <compiler.h>
11 #include <part.h> 11 #include <part.h>
12 #include <memalign.h> 12 #include <memalign.h>
13 13
14 int fs_devread(struct blk_desc *blk, disk_partition_t *partition, 14 int fs_devread(struct blk_desc *blk, disk_partition_t *partition,
15 lbaint_t sector, int byte_offset, int byte_len, char *buf) 15 lbaint_t sector, int byte_offset, int byte_len, char *buf)
16 { 16 {
17 unsigned block_len; 17 unsigned block_len;
18 int log2blksz = blk->log2blksz; 18 int log2blksz;
19 ALLOC_CACHE_ALIGN_BUFFER(char, sec_buf, (blk ? blk->blksz : 0)); 19 ALLOC_CACHE_ALIGN_BUFFER(char, sec_buf, (blk ? blk->blksz : 0));
20 if (blk == NULL) { 20 if (blk == NULL) {
21 printf("** Invalid Block Device Descriptor (NULL)\n"); 21 printf("** Invalid Block Device Descriptor (NULL)\n");
22 return 0; 22 return 0;
23 } 23 }
24 log2blksz = blk->log2blksz;
24 25
25 /* Check partition boundaries */ 26 /* Check partition boundaries */
26 if ((sector + ((byte_offset + byte_len - 1) >> log2blksz)) 27 if ((sector + ((byte_offset + byte_len - 1) >> log2blksz))
27 >= partition->size) { 28 >= partition->size) {
28 printf("%s read outside partition " LBAFU "\n", __func__, 29 printf("%s read outside partition " LBAFU "\n", __func__,
29 sector); 30 sector);
30 return 0; 31 return 0;
31 } 32 }
32 33
33 /* Get the read to the beginning of a partition */ 34 /* Get the read to the beginning of a partition */
34 sector += byte_offset >> log2blksz; 35 sector += byte_offset >> log2blksz;
35 byte_offset &= blk->blksz - 1; 36 byte_offset &= blk->blksz - 1;
36 37
37 debug(" <" LBAFU ", %d, %d>\n", sector, byte_offset, byte_len); 38 debug(" <" LBAFU ", %d, %d>\n", sector, byte_offset, byte_len);
38 39
39 if (byte_offset != 0) { 40 if (byte_offset != 0) {
40 int readlen; 41 int readlen;
41 /* read first part which isn't aligned with start of sector */ 42 /* read first part which isn't aligned with start of sector */
42 if (blk_dread(blk, partition->start + sector, 1, 43 if (blk_dread(blk, partition->start + sector, 1,
43 (void *)sec_buf) != 1) { 44 (void *)sec_buf) != 1) {
44 printf(" ** %s read error **\n", __func__); 45 printf(" ** %s read error **\n", __func__);
45 return 0; 46 return 0;
46 } 47 }
47 readlen = min((int)blk->blksz - byte_offset, 48 readlen = min((int)blk->blksz - byte_offset,
48 byte_len); 49 byte_len);
49 memcpy(buf, sec_buf + byte_offset, readlen); 50 memcpy(buf, sec_buf + byte_offset, readlen);
50 buf += readlen; 51 buf += readlen;
51 byte_len -= readlen; 52 byte_len -= readlen;
52 sector++; 53 sector++;
53 } 54 }
54 55
55 if (byte_len == 0) 56 if (byte_len == 0)
56 return 1; 57 return 1;
57 58
58 /* read sector aligned part */ 59 /* read sector aligned part */
59 block_len = byte_len & ~(blk->blksz - 1); 60 block_len = byte_len & ~(blk->blksz - 1);
60 61
61 if (block_len == 0) { 62 if (block_len == 0) {
62 ALLOC_CACHE_ALIGN_BUFFER(u8, p, blk->blksz); 63 ALLOC_CACHE_ALIGN_BUFFER(u8, p, blk->blksz);
63 64
64 block_len = blk->blksz; 65 block_len = blk->blksz;
65 blk_dread(blk, partition->start + sector, 1, 66 blk_dread(blk, partition->start + sector, 1,
66 (void *)p); 67 (void *)p);
67 memcpy(buf, p, byte_len); 68 memcpy(buf, p, byte_len);
68 return 1; 69 return 1;
69 } 70 }
70 71
71 if (blk_dread(blk, partition->start + sector, 72 if (blk_dread(blk, partition->start + sector,
72 block_len >> log2blksz, (void *)buf) != 73 block_len >> log2blksz, (void *)buf) !=
73 block_len >> log2blksz) { 74 block_len >> log2blksz) {
74 printf(" ** %s read error - block\n", __func__); 75 printf(" ** %s read error - block\n", __func__);
75 return 0; 76 return 0;
76 } 77 }
77 block_len = byte_len & ~(blk->blksz - 1); 78 block_len = byte_len & ~(blk->blksz - 1);
78 buf += block_len; 79 buf += block_len;
79 byte_len -= block_len; 80 byte_len -= block_len;
80 sector += block_len / blk->blksz; 81 sector += block_len / blk->blksz;
81 82
82 if (byte_len != 0) { 83 if (byte_len != 0) {
83 /* read rest of data which are not in whole sector */ 84 /* read rest of data which are not in whole sector */
84 if (blk_dread(blk, partition->start + sector, 1, 85 if (blk_dread(blk, partition->start + sector, 1,
85 (void *)sec_buf) != 1) { 86 (void *)sec_buf) != 1) {
86 printf("* %s read error - last part\n", __func__); 87 printf("* %s read error - last part\n", __func__);
87 return 0; 88 return 0;
88 } 89 }
89 memcpy(buf, sec_buf, byte_len); 90 memcpy(buf, sec_buf, byte_len);
90 } 91 }
91 return 1; 92 return 1;
92 } 93 }
93 94