aboutsummaryrefslogtreecommitdiff
path: root/common/cmd_sf.c
diff options
context:
space:
mode:
authorGerlando Falauto2012-04-03 04:34:13 +0000
committerMike Frysinger2012-04-03 04:34:13 +0000
commit864939949eda9108fb7bc350af040500cd102954 (patch)
treee60fcc33d0dfc34f85a3a8825ed9c7bc819eece0 /common/cmd_sf.c
parent41e1713425d9817fdbe4fc89ad11b8dc9c4fca30 (diff)
cmd_sf: add size checking to spi flash commands
SPI flash operations inadvertently stretching beyond the flash size will result in a wraparound. This may be particularly dangerous when burning u-boot, because the flash contents will be corrupted rendering the board unusable, without any warning being issued. So add a consistency checking so not to overflow past the flash size. Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'common/cmd_sf.c')
-rw-r--r--common/cmd_sf.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/common/cmd_sf.c b/common/cmd_sf.c
index 9c76464a9a8..5ac1d0c4c1e 100644
--- a/common/cmd_sf.c
+++ b/common/cmd_sf.c
@@ -211,6 +211,13 @@ static int do_spi_flash_read_write(int argc, char * const argv[])
if (*argv[3] == 0 || *endp != 0)
return -1;
+ /* Consistency checking */
+ if (offset + len > flash->size) {
+ printf("ERROR: attempting %s past flash size (%#x)\n",
+ argv[0], flash->size);
+ return 1;
+ }
+
buf = map_physmem(addr, len, MAP_WRBACK);
if (!buf) {
puts("Failed to map physical memory\n");
@@ -252,6 +259,13 @@ static int do_spi_flash_erase(int argc, char * const argv[])
if (ret != 1)
return -1;
+ /* Consistency checking */
+ if (offset + len > flash->size) {
+ printf("ERROR: attempting %s past flash size (%#x)\n",
+ argv[0], flash->size);
+ return 1;
+ }
+
ret = spi_flash_erase(flash, offset, len);
if (ret) {
printf("SPI flash %s failed\n", argv[0]);