[flashrom] [commit] r1380 - trunk

repository service svn at flashrom.org
Thu Jul 21 23:21:04 CEST 2011 

Author: hailfinger
Date: Thu Jul 21 23:21:04 2011
New Revision: 1380
URL: http://flashrom.org/trac/flashrom/changeset/1380

Log:
Fix out-of-bounds access if all erase functions fail.
Fix detection of unchanged chip contents on erase failure.
Return error if no usable erase functions exist.

Thanks to Stefan Tauner for spotting the last problem.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
Acked-by: Stefan Tauner <stefan.tauner at student.tuwien.ac.at>

Modified:
   trunk/flashrom.c

Modified: trunk/flashrom.c
==============================================================================
--- trunk/flashrom.c	Thu Jul 21 21:59:34 2011	(r1379)
+++ trunk/flashrom.c	Thu Jul 21 23:21:04 2011	(r1380)
@@ -1507,7 +1507,7 @@
 
 int erase_and_write_flash(struct flashchip *flash, uint8_t *oldcontents, uint8_t *newcontents)
 {
-	int k, ret = 0;
+	int k, ret = 1;
 	uint8_t *curcontents;
 	unsigned long size = flash->total_size * 1024;
 	unsigned int usable_erasefunctions = count_usable_erasers(flash);
@@ -1522,8 +1522,12 @@
 	memcpy(curcontents, oldcontents, size);
 
 	for (k = 0; k < NUM_ERASEFUNCTIONS; k++) {
+		if (!usable_erasefunctions) {
+			msg_cdbg("No usable erase functions left.\n");
+			break;
+		}
 		msg_cdbg("Looking at blockwise erase function %i... ", k);
-		if (check_block_eraser(flash, k, 1) && usable_erasefunctions) {
+		if (check_block_eraser(flash, k, 1)) {
 			msg_cdbg("Looking for another erase function.\n");
 			continue;
 		}
@@ -1535,10 +1539,8 @@
 		if (!ret)
 			break;
 		/* Write/erase failed, so try to find out what the current chip
-		 * contents are. If no usable erase functions remain, we could
-		 * abort the loop instead of continuing, the effect is the same.
-		 * The only difference is whether the reason for other unusable
-		 * functions is printed or not. If in doubt, verbosity wins.
+		 * contents are. If no usable erase functions remain, we can
+		 * skip this: the next iteration will break immediately anyway.
 		 */
 		if (!usable_erasefunctions)
 			continue;

More information about the flashrom mailing list