Anastasia Klimchuk submitted this change.

View Change

Approvals: build bot (Jenkins): Verified Anastasia Klimchuk: Looks good to me, approved DigitalDJ: Looks good to me, but someone else must approve
erasure_layout: Fix init_eraseblock segmentation fault

Fix a segmentation fault that is caused by accessing an invalid
"subedata" pointer on the last iteration of the init_eraseblock loop.
Instead, short circuit the loop condition to check the sub block index
first, and do not access the invalid pointer if it is the last sub
block.

Issue was encountered in:
- OS: OpenBSD 7.5 amd64
- Compiler: clang 16.0.6
- Chip: Macronix MX25U6435E/F

BUG=https://ticket.coreboot.org/issues/555

Change-Id: I61bf0d93aa9f0b2b420b146be16fcd5124f0dc5d
Signed-off-by: Grant Pannell <grant@digitaldj.net>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/84234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: DigitalDJ
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
---
M erasure_layout.c
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/erasure_layout.c b/erasure_layout.c
index c1368e7..c3a415b 100644
--- a/erasure_layout.c
+++ b/erasure_layout.c
@@ -52,8 +52,8 @@

edata->first_sub_block_index = *sub_block_index;
struct eraseblock_data *subedata = &layout[idx - 1].layout_list[*sub_block_index];
- while (subedata->start_addr >= start_addr && subedata->end_addr <= end_addr &&
- *sub_block_index < layout[idx-1].block_count) {
+ while (*sub_block_index < layout[idx-1].block_count &&
+ subedata->start_addr >= start_addr && subedata->end_addr <= end_addr) {
(*sub_block_index)++;
subedata++;
}

To view, visit change 84234. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: flashrom
Gerrit-Branch: main
Gerrit-Change-Id: I61bf0d93aa9f0b2b420b146be16fcd5124f0dc5d
Gerrit-Change-Number: 84234
Gerrit-PatchSet: 6
Gerrit-Owner: DigitalDJ
Gerrit-Reviewer: Aarya <aarya.chaumal@gmail.com>
Gerrit-Reviewer: Anastasia Klimchuk <aklm@chromium.org>
Gerrit-Reviewer: DigitalDJ
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>