diff options
author | Gerlando Falauto <gerlando.falauto@keymile.com> | 2012-04-03 04:34:13 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2012-04-03 04:34:13 +0000 |
commit | 864939949eda9108fb7bc350af040500cd102954 (patch) | |
tree | e60fcc33d0dfc34f85a3a8825ed9c7bc819eece0 | |
parent | 41e1713425d9817fdbe4fc89ad11b8dc9c4fca30 (diff) | |
download | u-boot-imx-864939949eda9108fb7bc350af040500cd102954.zip u-boot-imx-864939949eda9108fb7bc350af040500cd102954.tar.gz u-boot-imx-864939949eda9108fb7bc350af040500cd102954.tar.bz2 |
cmd_sf: add size checking to spi flash commands
SPI flash operations inadvertently stretching beyond the flash size will
result in a wraparound. This may be particularly dangerous when burning
u-boot, because the flash contents will be corrupted rendering the board
unusable, without any warning being issued.
So add a consistency checking so not to overflow past the flash size.
Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r-- | common/cmd_sf.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/common/cmd_sf.c b/common/cmd_sf.c index 9c76464..5ac1d0c 100644 --- a/common/cmd_sf.c +++ b/common/cmd_sf.c @@ -211,6 +211,13 @@ static int do_spi_flash_read_write(int argc, char * const argv[]) if (*argv[3] == 0 || *endp != 0) return -1; + /* Consistency checking */ + if (offset + len > flash->size) { + printf("ERROR: attempting %s past flash size (%#x)\n", + argv[0], flash->size); + return 1; + } + buf = map_physmem(addr, len, MAP_WRBACK); if (!buf) { puts("Failed to map physical memory\n"); @@ -252,6 +259,13 @@ static int do_spi_flash_erase(int argc, char * const argv[]) if (ret != 1) return -1; + /* Consistency checking */ + if (offset + len > flash->size) { + printf("ERROR: attempting %s past flash size (%#x)\n", + argv[0], flash->size); + return 1; + } + ret = spi_flash_erase(flash, offset, len); if (ret) { printf("SPI flash %s failed\n", argv[0]); |