[PATCH 5/5] fs: limit flash erase and protect to the partiton boundary
Johannes Stezenbach
js at sig21.net
Wed Jun 6 12:05:00 EDT 2012
Passing a too large size or offset to erase could
affect flash outside the partition boundary.
Addresses for SPI flash wrap around, thus giving a
count + offset going past the end of the flash would
wrap around and erase flash at offset 0.
Add the same check for protect.
Signed-off-by: Johannes Stezenbach <js at sig21.net>
---
fs/fs.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/fs/fs.c b/fs/fs.c
index 9cda1d9..af73c8c 100644
--- a/fs/fs.c
+++ b/fs/fs.c
@@ -751,14 +751,13 @@ int erase(int fd, size_t count, unsigned long offset)
if (check_fd(fd))
return -errno;
+ if (offset >= f->size)
+ return 0;
+ if (count > f->size - offset)
+ count = f->size - offset;
dev = f->dev;
-
fsdrv = dev_to_fs_driver(dev);
-
- if (f->pos + count > f->size)
- count = f->size - f->pos;
-
if (fsdrv->erase)
ret = fsdrv->erase(dev, f, count, offset);
else
@@ -780,14 +779,13 @@ int protect(int fd, size_t count, unsigned long offset, int prot)
if (check_fd(fd))
return -errno;
+ if (offset >= f->size)
+ return 0;
+ if (count > f->size - offset)
+ count = f->size - offset;
dev = f->dev;
-
fsdrv = dev_to_fs_driver(dev);
-
- if (f->pos + count > f->size)
- count = f->size - f->pos;
-
if (fsdrv->protect)
ret = fsdrv->protect(dev, f, count, offset, prot);
else
--
1.7.10
More information about the barebox
mailing list