Eric Lee / smarc-uboot

Download as
Browse Code ยป

Commit 864939949eda9108fb7bc350af040500cd102954

Authored by Gerlando Falauto
Committed by Mike Frysinger
1 parent 41e1713425
Exists in master and in 54 other branches 8qm-imx_v2020.04_5.4.70_2.3.0, emb_lf_v2022.04, imx_v2015.04_4.1.15_1.0.0_ga, pitx_8mp_lf_v2020.04, smarc-8m-android-10.0.0_2.6.0, smarc-8m-android-11.0.0_2.0.0, smarc-8mp-android-11.0.0_2.0.0, smarc-emmc-imx_v2014.04_3.10.53_1.1.0_ga, smarc-emmc-imx_v2014.04_3.14.28_1.0.0_ga, smarc-imx-l5.0.0_1.0.0-ga, smarc-imx6_v2018.03_4.14.98_2.0.0_ga, smarc-imx7_v2017.03_4.9.11_1.0.0_ga, smarc-imx7_v2018.03_4.14.98_2.0.0_ga, smarc-imx_v2014.04_3.14.28_1.0.0_ga, smarc-imx_v2015.04_4.1.15_1.0.0_ga, smarc-imx_v2017.03_4.9.11_1.0.0_ga, smarc-imx_v2017.03_4.9.88_2.0.0_ga, smarc-imx_v2017.03_o8.1.0_1.3.0_8m, smarc-imx_v2018.03_4.14.78_1.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_2.0.0_ga, smarc_8m-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8m-imx_v2019.04_4.19.35_1.1.0, smarc_8m_00d0-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8mm-imx_v2019.04_4.19.35_1.1.0, smarc_8mm-imx_v2020.04_5.4.24_2.1.0, smarc_8mp_lf_v2020.04, smarc_8mq-imx_v2020.04_5.4.24_2.1.0, smarc_8mq_lf_v2020.04, ti-u-boot-2015.07, u-boot-2013.01.y, v2013.10, v2013.10-smarct33, v2013.10-smartmen, v2014.01, v2014.04, v2014.04-smarct33, v2014.04-smarct33-emmc, v2014.04-smartmen, v2014.07, v2014.07-smarct33, v2014.07-smartmen, v2015.07-smarct33, v2015.07-smarct33-emmc, v2015.07-smarct4x, v2016.05-dlt, v2016.05-smarct3x, v2016.05-smarct3x-emmc, v2016.05-smarct4x, v2017.01-smarct3x, v2017.01-smarct3x-emmc, v2017.01-smarct4x

cmd_sf: add size checking to spi flash commands 

SPI flash operations inadvertently stretching beyond the flash size will
result in a wraparound. This may be particularly dangerous when burning
u-boot, because the flash contents will be corrupted rendering the board
unusable, without any warning being issued.
So add a consistency checking so not to overflow past the flash size.

Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Showing 1 changed file with 14 additions and 0 deletions Side-by-side Diff

... ... @@ -211,6 +211,13 @@
211 211 if (*argv[3] == 0 || *endp != 0)
212 212 return -1;
213 213  
  214 + /* Consistency checking */
  215 + if (offset + len > flash->size) {
  216 + printf("ERROR: attempting %s past flash size (%#x)\n",
  217 + argv[0], flash->size);
  218 + return 1;
  219 + }
  220 +
214 221 buf = map_physmem(addr, len, MAP_WRBACK);
215 222 if (!buf) {
216 223 puts("Failed to map physical memory\n");
... ... @@ -251,6 +258,13 @@
251 258 ret = sf_parse_len_arg(argv[2], &len);
252 259 if (ret != 1)
253 260 return -1;
  261 +
  262 + /* Consistency checking */
  263 + if (offset + len > flash->size) {
  264 + printf("ERROR: attempting %s past flash size (%#x)\n",
  265 + argv[0], flash->size);
  266 + return 1;
  267 + }
254 268  
255 269 ret = spi_flash_erase(flash, offset, len);
256 270 if (ret) {