blob: e8a1e00d27b08ad94ff1e9c066dac5c121ad36cb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig@pengutronix.de>
Date: Thu, 28 Feb 2013 10:42:26 +0100
Subject: [PATCH mtd-utils] flash_otp_write: fix a buffer overflow on NAND with
write size > 2048
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I'm not aware of any chip having a write size bigger than 2048 today.
Still checking for that instead of a sleeping problem to bite us maybe
in a few years is easy.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
---
Notes:
Applied-Upstream: >1.5.0, commit:1145ef7ee979dde2d611e09d00fc6ff0090dcc9d
flash_otp_write.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/flash_otp_write.c b/flash_otp_write.c
index 3515eee..eaca5e1 100644
--- a/flash_otp_write.c
+++ b/flash_otp_write.c
@@ -83,6 +83,12 @@ int main(int argc,char *argv[])
else
len = 256;
+ if (len > sizeof(buf)) {
+ printf("huh, writesize (%d) bigger than buffer (%zu)\n",
+ len, sizeof(buf));
+ return ENOMEM;
+ }
+
wrote = 0;
while ((size = xread(0, buf, len))) {
if (size < 0) {
|