Commit 5701ba82894d679eb42df5d0b93a2d44b3df695d
Committed by
Stefan Roese
1 parent
9dbaebcf9f
Exists in
smarc_8mq_lf_v2020.04
and in
17 other branches
cfi_flash: Bound-check index before array access
In a while loop in cfi_flash.c the array "start" is accessed at the index "sector" before the index variable "sector" is bounds-checked, which might lead to accesses beyond the bounds of the array. Swap the order of the checks in the "&&" expression, so that the short-circuit evaluation prevents out-of-bounds array accesses. Signed-off-by: Mario Six <mario.six@gdsys.cc> Signed-off-by: Stefan Roese <sr@denx.de>
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
drivers/mtd/cfi_flash.c
... | ... | @@ -761,8 +761,8 @@ |
761 | 761 | if (info != saved_info || sector >= info->sector_count) |
762 | 762 | sector = 0; |
763 | 763 | |
764 | - while ((info->start[sector] < addr) && | |
765 | - (sector < info->sector_count - 1)) | |
764 | + while ((sector < info->sector_count - 1) && | |
765 | + (info->start[sector] < addr)) | |
766 | 766 | sector++; |
767 | 767 | while ((info->start[sector] > addr) && (sector > 0)) |
768 | 768 | /* |