nand_do_read_oob() has a bug?
William Smith
terminalnt at outlook.com
Thu Nov 27 01:59:29 PST 2014
Linux 3.18-rc6, nand_base.c
In nand_do_read_oob(), there's a while() loop to deal with continuous multiple OOB read operations.
Assume that:
ops->mode = MTD_OPS_PLACE_OOB;
ops->ooblen > mtd->oobsize;
ops->ooboffs != 0;
then:
len = mtd->oobsize;
in while() loop:
len = min(len, readlen); // here, len = mtd->oobsize
buf = nand_transfer_oob(chip, buf, ops, len);
in function nand_transfer_oob():
memcpy(oob, chip->oob_poi + ops->ooboffs, len); // here, len = mtd->oobsize
If ops->ooboffs is nonzero, then the copy operation will exceed (chip->oob_poi + mtd->oobsize), and some useless bytes will be copied into buf, right?
Is this a bug?
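
Added example (not part of the original post and not kernel code): a user-space C model of the length calculation described above, showing how many bytes the copy source would run past the OOB buffer and a bounded variant that clamps the length. The names oob_model, len_as_posted, overrun_bytes and transfer_oob_bounded and the 64-byte OOB size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model only. All names here are hypothetical, not kernel structs. */
struct oob_model {
    uint8_t oob_poi[64]; /* stands in for chip->oob_poi */
    size_t oobsize;      /* stands in for mtd->oobsize (assumed 64) */
};

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Length as described in the post: min(oobsize, readlen); ooboffs is ignored. */
size_t len_as_posted(const struct oob_model *m, size_t readlen)
{
    return min_sz(m->oobsize, readlen);
}

/* How many bytes a copy from oob_poi + ooboffs of length len reads past the end. */
size_t overrun_bytes(const struct oob_model *m, size_t ooboffs, size_t len)
{
    if (ooboffs >= m->oobsize)
        return len;
    return len > m->oobsize - ooboffs ? len - (m->oobsize - ooboffs) : 0;
}

/* Bounded variant: refuse an offset outside the area, clamp len to what is left. */
size_t transfer_oob_bounded(const struct oob_model *m, uint8_t *dst,
                            size_t ooboffs, size_t readlen)
{
    if (ooboffs >= m->oobsize)
        return 0;
    size_t len = min_sz(m->oobsize - ooboffs, readlen);
    memcpy(dst, m->oob_poi + ooboffs, len);
    return len;
}

int main(void)
{
    struct oob_model m = { .oobsize = 64 };
    uint8_t dst[128];
    size_t len = len_as_posted(&m, 128); /* ooblen > oobsize, as in the post */
    printf("posted len=%zu, overrun with ooboffs=8: %zu bytes\n",
           len, overrun_bytes(&m, 8, len));
    printf("bounded copy with ooboffs=8: %zu bytes\n",
           transfer_oob_bounded(&m, dst, 8, 128));
    return 0;
}
```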