[PATCH v2 1/2] firmware: socfpga: Fix a bug in fpgamgr_program_write_buf()

[Andrey Smirnov]

Fix a bug in fpgamgr_program_write_buf() where .rbf file whose length
is not a multiple of 4 would cause an integer overflow which would
result in infinite loop.

Signed-off-by: Andrey Smirnov <andrew.smirnov at gmail.com>
---
 drivers/firmware/socfpga.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/drivers/firmware/socfpga.c b/drivers/firmware/socfpga.c
index a5dc607..71f260f 100644
--- a/drivers/firmware/socfpga.c
+++ b/drivers/firmware/socfpga.c
@@ -321,14 +321,28 @@ static int fpgamgr_program_write_buf(struct firmware_handler *fh, const void *bu
 		size_t size)
 {
 	struct fpgamgr *mgr = container_of(fh, struct fpgamgr, fh);
-	const uint32_t *buf32 = buf;
+	const uint8_t *buffer = buf;
+	uint32_t word;
+	size_t chunk_size;
+	size_t offset = 0;
 
 	/* write to FPGA Manager AXI data */
-	while (size) {
-		writel(*buf32, mgr->regs_data);
-		readl(mgr->regs + FPGAMGRREGS_MON_GPIO_EXT_PORTA_ADDRESS);
-		buf32++;
+	while (size >= sizeof(uint32_t)) {
 		size -= sizeof(uint32_t);
+
+		word = *(uint32_t *)(buffer + offset);
+		offset += sizeof(uint32_t);
+
+		writel(word, mgr->regs_data);
+		readl(mgr->regs + FPGAMGRREGS_MON_GPIO_EXT_PORTA_ADDRESS);
+	}
+	
+	if (size) {
+		word = 0;
+		while (chunk_size--) {
+			word |= buffer[offset++];
+			word <<= 8;
+		}
 	}
 
 	return 0;
-- 
2.1.4