aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAntonio Borneo <borneo.antonio@gmail.com>2010-04-16 01:17:01 +0800
committerØyvind Harboe <oyvind.harboe@zylin.com>2010-05-16 13:39:47 +0200
commitc7b269ace1bbe07d5db7a562bb9242f4be32be67 (patch)
treeccc4405381e1f4964d72b0102757ea0cc8f588a7 /src
parentb8c54b362b395e50baf749366f6ec9e29fcba27e (diff)
NOR/CFI: check "flash bank" command arguments
Arguments chip_width and bus_width of command "flash bank" are not fully checked. While bus_width is later on redundantly checked in several other parts (e.g. in cfi_command_val()) and generates run-time error, chip_width is never checked, nor related to actual bus_width value. Added check to avoid: - (chip_width == 0), that would mean no memory chip at all, avoiding also division by zero e.g. in cfi_get_u8(); - (bus_width == 0), that would mean no bus at all; - unsupported cases of chip_width or bus_width value not power of 2; - unsupported case of chip width wider than bus. Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Diffstat (limited to 'src')
-rw-r--r--src/flash/nor/cfi.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/flash/nor/cfi.c b/src/flash/nor/cfi.c
index 2235c85c..ba2d9095 100644
--- a/src/flash/nor/cfi.c
+++ b/src/flash/nor/cfi.c
@@ -624,8 +624,18 @@ FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
return ERROR_FLASH_BANK_INVALID;
}
+ /* both widths must:
+ * - not exceed max value;
+ * - not be null;
+ * - be equal to a power of 2.
+ * bus must be wide enought to hold one chip */
if ((bank->chip_width > CFI_MAX_CHIP_WIDTH)
- || (bank->bus_width > CFI_MAX_BUS_WIDTH))
+ || (bank->bus_width > CFI_MAX_BUS_WIDTH)
+ || (bank->chip_width == 0)
+ || (bank->bus_width == 0)
+ || (bank->chip_width & (bank->chip_width - 1))
+ || (bank->bus_width & (bank->bus_width - 1))
+ || (bank->chip_width > bank->bus_width))
{
LOG_ERROR("chip and bus width have to specified in bytes");
return ERROR_FLASH_BANK_INVALID;