cmd_sf: add size checking to spi flash commands

author Gerlando Falauto <gerlando.falauto@keymile.com>

Tue, 3 Apr 2012 04:34:13 +0000 (04:34 +0000)

committer Mike Frysinger <vapier@gentoo.org>

Tue, 3 Apr 2012 04:34:13 +0000 (04:34 +0000)
author Gerlando Falauto <gerlando.falauto@keymile.com>
Tue, 3 Apr 2012 04:34:13 +0000 (04:34 +0000)
committer Mike Frysinger <vapier@gentoo.org>
Tue, 3 Apr 2012 04:34:13 +0000 (04:34 +0000)
diff --git a/common/cmd_sf.c b/common/cmd_sf.c

index 9c76464a9a84a72862d97e4d1235f57785cb1e7b..5ac1d0c4c1ef4ef9cc34b30b3e056b2a76744beb 100644 (file)
--- a/common/cmd_sf.c
+++ b/common/cmd_sf.c
@@ -211,6 +211,13 @@ static int do_spi_flash_read_write(int argc, char * const argv[])
         if (*argv[3] == 0 || *endp != 0)
                 return -1;
  
+       /* Consistency checking */
+       if (offset + len > flash->size) {
+               printf("ERROR: attempting %s past flash size (%#x)\n",
+                       argv[0], flash->size);
+               return 1;
+       }
+
         buf = map_physmem(addr, len, MAP_WRBACK);
         if (!buf) {
                 puts("Failed to map physical memory\n");
@@ -252,6 +259,13 @@ static int do_spi_flash_erase(int argc, char * const argv[])
         if (ret != 1)
                 return -1;
  
+       /* Consistency checking */
+       if (offset + len > flash->size) {
+               printf("ERROR: attempting %s past flash size (%#x)\n",
+                       argv[0], flash->size);
+               return 1;
+       }
+
         ret = spi_flash_erase(flash, offset, len);
         if (ret) {
                 printf("SPI flash %s failed\n", argv[0]);
author	Gerlando Falauto <gerlando.falauto@keymile.com>
	Tue, 3 Apr 2012 04:34:13 +0000 (04:34 +0000)
committer	Mike Frysinger <vapier@gentoo.org>
	Tue, 3 Apr 2012 04:34:13 +0000 (04:34 +0000)