diff options
author | Johannes Stezenbach <js@sig21.net> | 2012-06-06 18:05:00 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2012-06-07 19:31:33 +0200 |
commit | 6815e0d0548011a9e8574947f5de4754530d3edd (patch) | |
tree | bc098e0281e765ac3af9889dc16a9b0bf3b3a92c | |
parent | 79f9683b8e3861d735714d216afad840a6e7ebd0 (diff) | |
download | barebox-6815e0d0548011a9e8574947f5de4754530d3edd.tar.gz barebox-6815e0d0548011a9e8574947f5de4754530d3edd.tar.xz |
fs: limit flash erase and protect to the partiton boundary
Passing a too large size or offset to erase could
affect flash outside the partition boundary.
Addresses for SPI flash wrap around, thus giving a
count + offset going past the end of the flash would
wrap around and erase flash at offset 0.
Add the same check for protect.
Signed-off-by: Johannes Stezenbach <js@sig21.net>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
-rw-r--r-- | fs/fs.c | 18 |
1 files changed, 8 insertions, 10 deletions
@@ -751,14 +751,13 @@ int erase(int fd, size_t count, unsigned long offset) if (check_fd(fd)) return -errno; + if (offset >= f->size) + return 0; + if (count > f->size - offset) + count = f->size - offset; dev = f->dev; - fsdrv = dev_to_fs_driver(dev); - - if (f->pos + count > f->size) - count = f->size - f->pos; - if (fsdrv->erase) ret = fsdrv->erase(dev, f, count, offset); else @@ -780,14 +779,13 @@ int protect(int fd, size_t count, unsigned long offset, int prot) if (check_fd(fd)) return -errno; + if (offset >= f->size) + return 0; + if (count > f->size - offset) + count = f->size - offset; dev = f->dev; - fsdrv = dev_to_fs_driver(dev); - - if (f->pos + count > f->size) - count = f->size - f->pos; - if (fsdrv->protect) ret = fsdrv->protect(dev, f, count, offset, prot); else |