Wrong CFI offset in cfi_cmdset_0001.c
Jared Hulbert
jaredeh at gmail.com
Tue Oct 25 16:02:42 EDT 2005
On 10/25/05, Nicolas Pitre <nico at cam.org> wrote:
> On Mon, 24 Oct 2005, Jared Hulbert wrote:
>
> > Sorry. It took me longer than it should have to track down a P30 part
> > and get it on my machine. Does this work for you?
>
> I have a problem convincing myself it should work at all.
>
> > --- trunk/drivers/mtd/chips/cfi_cmdset_0001.c (revision 8)
> > +++ trunk/drivers/mtd/chips/cfi_cmdset_0001.c (revision 10)
> > @@ -285,7 +285,7 @@
> > sizeof(struct cfi_intelext_otpinfo);
> >
> > /* Burst Read info */
> > - extra_size += (extp->MinorVersion < '4') ? 6 : 5;
> > + extra_size += (unsigned int)extp->extra[extra_size+1]+2;
>
> Here you're dereferencing the extra array which (initially) has not even
> been read into memory yet. It probably only works because it just
> happens that extra_size is not increased enough to bypass the later
> "goto again" which would manage to read the extra data needed and things
> would get back on track at that point. But that's relying on pure luck.
Yeah. Oops, kind of tacky.
> Could you fix that and get rid of the needless cast please? (extra is
> uint8_t so there are no signedness issues to worry about)
How's this look?
Index: trunk/drivers/mtd/chips/cfi_cmdset_0001.c
===================================================================
--- trunk/drivers/mtd/chips/cfi_cmdset_0001.c (revision 8)
+++ trunk/drivers/mtd/chips/cfi_cmdset_0001.c (revision 11)
@@ -285,7 +285,10 @@
sizeof(struct cfi_intelext_otpinfo);
/* Burst Read info */
- extra_size += (extp->MinorVersion < '4') ? 6 : 5;
+ extra_size += 2;
+ if (extp_size < sizeof(*extp) + extra_size)
+ goto need_more;
+ extra_size += extp->extra[extra_size-1];
/* Number of hardware-partitions */
extra_size += 1;
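Review bot: the "goto need_more" added after "extra_size += 2" targets a label that is not among the lines shown here, while the reply above refers to the existing retry path as "goto again"; please confirm the label exists in this function and that it re-reads the table with the enlarged size before extp->extra[extra_size-1] is evaluated. A short comment saying that extra[extra_size-1] is the byte giving the length of the rest of the Burst Read info would also help, since that index only makes sense after the "+= 2".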
@@ -519,7 +522,7 @@
sizeof(struct cfi_intelext_otpinfo);
/* Burst Read info */
- offs += (extp->MinorVersion < '4') ? 6 : 5;
+ offs += extp->extra[offs+1]+2;
/* Number of partition regions */
numregions = extp->extra[offs];
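Review bot: "offs += extp->extra[offs+1]+2" in this second hunk reads the length byte with no size check, unlike the first hunk, which tests extp_size before touching extra[]. If this code can only run after the whole extended table has been read, say so in a comment; otherwise add the same check here. It would also be easier to compare the two sites if this one used the same form as the first hunk ("offs += 2;" followed by "offs += extp->extra[offs-1];"), with spaces around the operators.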