From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-ew0-f211.google.com ([209.85.219.211]) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1Ma4ks-0005P1-G6 for linux-mtd@lists.infradead.org; Sun, 09 Aug 2009 09:31:58 +0000 Received: by ewy7 with SMTP id 7so2088885ewy.18 for ; Sun, 09 Aug 2009 02:31:53 -0700 (PDT) Message-ID: <4A7E9868.6070505@gmail.com> Date: Sun, 09 Aug 2009 11:35:36 +0200 From: Roel Kluin MIME-Version: 1.0 To: David Woodhouse , linux-mtd@lists.infradead.org, Andrew Morton Subject: [PATCH] MTD: Prevent a read from eraseregions[-1] Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , If the erase region was found in the first iteration we read from eraseregions[-1] Signed-off-by: Roel Kluin --- diff --git a/drivers/mtd/mtdconcat.c b/drivers/mtd/mtdconcat.c index 792b547..db6de74 100644 --- a/drivers/mtd/mtdconcat.c +++ b/drivers/mtd/mtdconcat.c @@ -427,7 +427,7 @@ static int concat_erase(struct mtd_info *mtd, struct erase_info *instr) * to-be-erased area begins. Verify that the starting * offset is aligned to this region's erase size: */ - if (instr->addr & (erase_regions[i].erasesize - 1)) + if (i < 0 || instr->addr & (erase_regions[i].erasesize - 1)) return -EINVAL; /* @@ -440,8 +440,8 @@ static int concat_erase(struct mtd_info *mtd, struct erase_info *instr) /* * check if the ending offset is aligned to this region's erase size */ - if ((instr->addr + instr->len) & (erase_regions[i].erasesize - - 1)) + if (i < 0 || ((instr->addr + instr->len) & + (erase_regions[i].erasesize - 1))) return -EINVAL; }