SPI flash operations inadvertently stretching beyond the flash size will
result in a wraparound. This may be particularly dangerous when burning
u-boot, because the flash contents will be corrupted rendering the board
unusable, without any warning being issued.
So add a consistency checking so not to overflow past the flash size.
Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
if (*argv[3] == 0 || *endp != 0)
return -1;
if (*argv[3] == 0 || *endp != 0)
return -1;
+ /* Consistency checking */
+ if (offset + len > flash->size) {
+ printf("ERROR: attempting %s past flash size (%#x)\n",
+ argv[0], flash->size);
+ return 1;
+ }
+
buf = map_physmem(addr, len, MAP_WRBACK);
if (!buf) {
puts("Failed to map physical memory\n");
buf = map_physmem(addr, len, MAP_WRBACK);
if (!buf) {
puts("Failed to map physical memory\n");
+ /* Consistency checking */
+ if (offset + len > flash->size) {
+ printf("ERROR: attempting %s past flash size (%#x)\n",
+ argv[0], flash->size);
+ return 1;
+ }
+
ret = spi_flash_erase(flash, offset, len);
if (ret) {
printf("SPI flash %s failed\n", argv[0]);
ret = spi_flash_erase(flash, offset, len);
if (ret) {
printf("SPI flash %s failed\n", argv[0]);