Commit 864939949eda9108fb7bc350af040500cd102954
Committed by
Mike Frysinger
1 parent
41e1713425
Exists in
master
and in
54 other branches
cmd_sf: add size checking to spi flash commands
SPI flash operations inadvertently stretching beyond the flash size will result in a wraparound. This may be particularly dangerous when burning u-boot, because the flash contents will be corrupted rendering the board unusable, without any warning being issued. So add a consistency checking so not to overflow past the flash size. Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Showing 1 changed file with 14 additions and 0 deletions Side-by-side Diff
common/cmd_sf.c
... | ... | @@ -211,6 +211,13 @@ |
211 | 211 | if (*argv[3] == 0 || *endp != 0) |
212 | 212 | return -1; |
213 | 213 | |
214 | + /* Consistency checking */ | |
215 | + if (offset + len > flash->size) { | |
216 | + printf("ERROR: attempting %s past flash size (%#x)\n", | |
217 | + argv[0], flash->size); | |
218 | + return 1; | |
219 | + } | |
220 | + | |
214 | 221 | buf = map_physmem(addr, len, MAP_WRBACK); |
215 | 222 | if (!buf) { |
216 | 223 | puts("Failed to map physical memory\n"); |
... | ... | @@ -251,6 +258,13 @@ |
251 | 258 | ret = sf_parse_len_arg(argv[2], &len); |
252 | 259 | if (ret != 1) |
253 | 260 | return -1; |
261 | + | |
262 | + /* Consistency checking */ | |
263 | + if (offset + len > flash->size) { | |
264 | + printf("ERROR: attempting %s past flash size (%#x)\n", | |
265 | + argv[0], flash->size); | |
266 | + return 1; | |
267 | + } | |
254 | 268 | |
255 | 269 | ret = spi_flash_erase(flash, offset, len); |
256 | 270 | if (ret) { |