From: Lukasz Majewski <l.majewski@samsung.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [Patch V2 3/3] dfu: dfu_get_buf: check the value of env dfu_bufsiz before use
Date: Tue, 16 Dec 2014 14:48:46 +0100 [thread overview]
Message-ID: <20141216144846.66ae2bc3@amdc2363> (raw)
In-Reply-To: <1418636051-31901-3-git-send-email-p.marczak@samsung.com>
Hi Przemyslaw,
> In function dfu_get_buf(), the size of allocated buffer could
> be defined by the env variable. The size from this variable
> was passed for memalign() without checking its value.
> And the the memalign will return non null pointer for size 0.
>
> This could possibly cause data abort, so now the value of var
> is checked before use. And if this variable is set to 0 then
> the default size will be used.
>
> This commit also changes the base passed to simple_strtoul()
> to 0. Now decimal and hex values can be used for the variable
> dfu_bufsiz.
>
> Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
> ---
> Change v2:
> - new patch
> ---
> drivers/dfu/dfu.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/dfu/dfu.c b/drivers/dfu/dfu.c
> index c0aba6e..49abd85 100644
> --- a/drivers/dfu/dfu.c
> +++ b/drivers/dfu/dfu.c
> @@ -111,8 +111,12 @@ unsigned char *dfu_get_buf(struct dfu_entity
> *dfu) return dfu_buf;
>
> s = getenv("dfu_bufsiz");
> - dfu_buf_size = s ? (unsigned long)simple_strtol(s, NULL,
> 16) :
> - CONFIG_SYS_DFU_DATA_BUF_SIZE;
> + if (s)
> + dfu_buf_size = (unsigned long)simple_strtol(s, NULL,
> 0); +
> + if (!s || !dfu_buf_size)
> + dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
> +
> if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size)
> dfu_buf_size = dfu->max_buf_size;
>
Applied to u-boot-dfu, thanks!
--
Best regards,
Lukasz Majewski
Samsung R&D Institute Poland (SRPOL) | Linux Platform Group
next prev parent reply other threads:[~2014-12-16 13:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-11 11:02 [U-Boot] [PATCH 1/2] dfu: mmc: check if mmc device exists in mmc_block_op() Przemyslaw Marczak
2014-12-11 11:03 ` [U-Boot] [PATCH 2/2] gadget: f_thor: check pointers before use in download_tail() Przemyslaw Marczak
2014-12-12 8:38 ` Lukasz Majewski
2014-12-12 8:38 ` [U-Boot] [PATCH 1/2] dfu: mmc: check if mmc device exists in mmc_block_op() Lukasz Majewski
2014-12-15 9:34 ` [U-Boot] [Patch V2 1/3] " Przemyslaw Marczak
2014-12-15 9:34 ` [U-Boot] [Patch V2 2/3] gadget: f_thor: check pointers before use in download_tail() Przemyslaw Marczak
2014-12-16 13:47 ` Lukasz Majewski
2014-12-15 9:34 ` [U-Boot] [Patch V2 3/3] dfu: dfu_get_buf: check the value of env dfu_bufsiz before use Przemyslaw Marczak
2014-12-16 13:48 ` Lukasz Majewski [this message]
2014-12-16 15:09 ` Marek Vasut
2014-12-16 16:07 ` Lukasz Majewski
2014-12-16 17:01 ` Marek Vasut
2014-12-16 13:47 ` [U-Boot] [Patch V2 1/3] dfu: mmc: check if mmc device exists in mmc_block_op() Lukasz Majewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141216144846.66ae2bc3@amdc2363 \
--to=l.majewski@samsung.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.