[flashrom] [PATCH] Fix out-of-bounds access if all erase functions fail

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Fri Apr 15 13:16:03 CEST 2011


On Fri, 15 Apr 2011 07:31:29 +0200
Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net> wrote:

> Index: flashrom-fix_erasefunctions_nullpointer/flashrom.c
> ===================================================================
> --- flashrom-fix_erasefunctions_nullpointer/flashrom.c
> (Revision 1280) +++
> flashrom-fix_erasefunctions_nullpointer/flashrom.c
> (Arbeitskopie) @@ -1514,8 +1514,12 @@ memcpy(curcontents,
> oldcontents, size);
> 
>   	for (k = 0; k<  NUM_ERASEFUNCTIONS; k++) {
  ^                   ^^
There is something broken with your old branch: spaces at the beginning
of lines and after some binary operators. This does not apply to my
git-svn head (or the r1280 equivalent) (could be a git-svn bug).

> +		if (!usable_erasefunctions) {
> +			msg_cdbg("No usable erase functions
> left.\n");
> +			break;
> +		}
>   		msg_cdbg("Looking at blockwise erase function %i...
> ", k);
> -		if (check_block_eraser(flash, k, 1)&&
                                                   ^^^^
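Review bot: the early `break` on `!usable_erasefunctions` leaves the loop with `k < NUM_ERASEFUNCTIONS`, so any code after the loop that detects the "every erase function failed" case by comparing `k` against `NUM_ERASEFUNCTIONS` would no longer see it; please confirm the post-loop handling (not in this hunk) or set an explicit flag before breaking. The hunk also does not show where `usable_erasefunctions` is initialised or decremented; unless it is decremented each time `check_block_eraser(flash, k, 1)` rejects a function, the counter never reaches zero and the added guard is dead code. Style: the context lines `k<  NUM_ERASEFUNCTIONS` and `(flash, k, 1)&&` carry the whitespace damage already noted above, so the diff should be regenerated from a clean checkout so it applies.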
But it will probably fix the OOB segfault, if it applies.
I don't understand the whole function though.
Why do we precheck the erase functions with an extra loop? Just for nice
logs and sparing us the memcpy?
Not justified imho: it just complicates things, and that OOB failure is
a typical symptom.

-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
