[PATCH] mtd: nand: warn if hamming layout is used with too large ECC

Fri Feb 9 01:58:52 PST 2018

On Fri, 09 Feb 2018 10:20:37 +0100
Stefan Agner <stefan at agner.ch> wrote:

> 
> But some kind of sanity check somewhere might be worthwhile, I was a bit
> surprised that this overflowing happens on a driver in operational use
> and goes unnoticed. I realize that this patch is not ideal. Maybe making
> length signed, then we could sanity check in
> mtd_ooblayout_count_bytes...

Something like that should help us detect this unexpected case:

--->8---

diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
index 66b67014508f..ada2e709743f 100644
--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
@@ -201,6 +201,9 @@ static int nand_ooblayout_free_lp_hamming(struct
mtd_info *mtd, int section, oobregion->offset = 2;
                oobregion->length = ecc_offset - 2;
        } else {
+               if (ecc_offset + ecc->total > mtd->oobsize)
+                       return -EINVAL;
+
                oobregion->offset = ecc_offset + ecc->total;
                oobregion->length = mtd->oobsize - oobregion->offset;
        }

