authorhailfinger <hailfinger@2b7e53f0-3cfb-0310-b3e9-8179ed1497e1>2011-07-21 21:21:04 +0000
committerhailfinger <hailfinger@2b7e53f0-3cfb-0310-b3e9-8179ed1497e1>2011-07-21 21:21:04 +0000
commit1ad73d49b174596f86a1e69aa27fb0922ab1e759 (patch)
treea41033f8d22caa096221beaa0942d7c5aec5ed56
parentd6080b7b9fa1fcbf82115a4a42d2a492b923d4c4 (diff)
downloadflashrom-1ad73d49b174596f86a1e69aa27fb0922ab1e759.tar.gz
Fix out-of-bounds access if all erase functions fail.
Fix detection of unchanged chip contents on erase failure. Return error if no usable erase functions exist. Thanks to Stefan Tauner for spotting the last problem. Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net> Acked-by: Stefan Tauner <stefan.tauner@student.tuwien.ac.at> git-svn-id: https://code.coreboot.org/svn/flashrom/trunk@1380 2b7e53f0-3cfb-0310-b3e9-8179ed1497e1
-rw-r--r--flashrom.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/flashrom.c b/flashrom.c
index 998a18f..5ddcd41 100644
--- a/flashrom.c
+++ b/flashrom.c
@@ -1507,7 +1507,7 @@ static int check_block_eraser(const struct flashchip *flash, int k, int log)
int erase_and_write_flash(struct flashchip *flash, uint8_t *oldcontents, uint8_t *newcontents)
{
- int k, ret = 0;
+ int k, ret = 1;
uint8_t *curcontents;
unsigned long size = flash->total_size * 1024;
unsigned int usable_erasefunctions = count_usable_erasers(flash);
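Review bot: The new initializer in `int k, ret = 1;` is undocumented, although it now serves as the function's error result whenever the loop exits without attempting an erase. A later cleanup could easily reset it to 0 and silently report success on a chip that was never erased or written. A short comment at the declaration would guard against that, for example `/* Assume failure until an erase/write pass succeeds. */`. The rest of erase_and_write_flash, including its return, lies outside this hunk, so whether any path overwrites ret before returning cannot be confirmed here.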
@@ -1522,8 +1522,12 @@ int erase_and_write_flash(struct flashchip *flash, uint8_t *oldcontents, uint8_t
memcpy(curcontents, oldcontents, size);
for (k = 0; k < NUM_ERASEFUNCTIONS; k++) {
+ if (!usable_erasefunctions) {
+ msg_cdbg("No usable erase functions left.\n");
+ break;
+ }
msg_cdbg("Looking at blockwise erase function %i... ", k);
- if (check_block_eraser(flash, k, 1) && usable_erasefunctions) {
+ if (check_block_eraser(flash, k, 1)) {
msg_cdbg("Looking for another erase function.\n");
continue;
}
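Review bot: The early exit added at the top of the loop reports its reason only through `msg_cdbg("No usable erase functions left.\n")`. When the counter is already zero on the first iteration, the function fails with ret still 1 and nothing from this loop is visible at default verbosity. The word "left" is also misleading in that case, because no function was ever usable. If the code after the loop (outside this hunk) does not print an error itself, consider an error-level message for the `k == 0` case, such as `msg_cerr("No usable erase functions found.\n");`. It would also help to add a comment above `if (check_block_eraser(flash, k, 1))` stating that an eraser which fails the check must never be used, even as the last candidate, since that is the out-of-bounds condition this commit closes.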
@@ -1535,10 +1539,8 @@ int erase_and_write_flash(struct flashchip *flash, uint8_t *oldcontents, uint8_t
if (!ret)
break;
/* Write/erase failed, so try to find out what the current chip
- * contents are. If no usable erase functions remain, we could
- * abort the loop instead of continuing, the effect is the same.
- * The only difference is whether the reason for other unusable
- * functions is printed or not. If in doubt, verbosity wins.
+ * contents are. If no usable erase functions remain, we can
+ * skip this: the next iteration will break immediately anyway.
*/
if (!usable_erasefunctions)
continue;
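Review bot: The `if (!usable_erasefunctions) continue;` at the end of this hunk now relies on the guard at the top of the loop to terminate, and the reworded comment is not accurate for the last index. When k is already `NUM_ERASEFUNCTIONS - 1` there is no next iteration and the loop simply ends on its condition. Using `break;` here would state the intent directly and remove the coupling between the two checks, with the comment reduced to something like `/* Nothing left to retry with, so the current contents are not needed. */`. The only behavioural difference is that the debug line from the top-of-loop guard would not be printed on this path. The decrement of usable_erasefunctions and the erase call sit between the hunks and are not visible here.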