From mboxrd@z Thu Jan 1 00:00:00 1970 From: Lukasz Majewski Date: Tue, 16 Dec 2014 14:48:46 +0100 Subject: [U-Boot] [Patch V2 3/3] dfu: dfu_get_buf: check the value of env dfu_bufsiz before use In-Reply-To: <1418636051-31901-3-git-send-email-p.marczak@samsung.com> References: <1418295780-27611-1-git-send-email-p.marczak@samsung.com> <1418636051-31901-1-git-send-email-p.marczak@samsung.com> <1418636051-31901-3-git-send-email-p.marczak@samsung.com> Message-ID: <20141216144846.66ae2bc3@amdc2363> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Przemyslaw, > In function dfu_get_buf(), the size of allocated buffer could > be defined by the env variable. The size from this variable > was passed for memalign() without checking its value. > And the the memalign will return non null pointer for size 0. > > This could possibly cause data abort, so now the value of var > is checked before use. And if this variable is set to 0 then > the default size will be used. > > This commit also changes the base passed to simple_strtoul() > to 0. Now decimal and hex values can be used for the variable > dfu_bufsiz. > > Signed-off-by: Przemyslaw Marczak > --- > Change v2: > - new patch > --- > drivers/dfu/dfu.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/dfu/dfu.c b/drivers/dfu/dfu.c > index c0aba6e..49abd85 100644 > --- a/drivers/dfu/dfu.c > +++ b/drivers/dfu/dfu.c > @@ -111,8 +111,12 @@ unsigned char *dfu_get_buf(struct dfu_entity > *dfu) return dfu_buf; > > s = getenv("dfu_bufsiz"); > - dfu_buf_size = s ? (unsigned long)simple_strtol(s, NULL, > 16) : > - CONFIG_SYS_DFU_DATA_BUF_SIZE; > + if (s) > + dfu_buf_size = (unsigned long)simple_strtol(s, NULL, > 0); + > + if (!s || !dfu_buf_size) > + dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE; > + > if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size) > dfu_buf_size = dfu->max_buf_size; > Applied to u-boot-dfu, thanks! -- Best regards, Lukasz Majewski Samsung R&D Institute Poland (SRPOL) | Linux Platform Group