fs: limit flash erase and protect to the partiton boundary
Passing a too large size or offset to erase could affect flash outside the partition boundary. Addresses for SPI flash wrap around, thus giving a count + offset going past the end of the flash would wrap around and erase flash at offset 0. Add the same check for protect. Signed-off-by: Johannes Stezenbach <js@sig21.net> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
This commit is contained in:
parent
79f9683b8e
commit
6815e0d054
18
fs/fs.c
18
fs/fs.c
|
@ -751,14 +751,13 @@ int erase(int fd, size_t count, unsigned long offset)
|
|||
|
||||
if (check_fd(fd))
|
||||
return -errno;
|
||||
if (offset >= f->size)
|
||||
return 0;
|
||||
if (count > f->size - offset)
|
||||
count = f->size - offset;
|
||||
|
||||
dev = f->dev;
|
||||
|
||||
fsdrv = dev_to_fs_driver(dev);
|
||||
|
||||
if (f->pos + count > f->size)
|
||||
count = f->size - f->pos;
|
||||
|
||||
if (fsdrv->erase)
|
||||
ret = fsdrv->erase(dev, f, count, offset);
|
||||
else
|
||||
|
@ -780,14 +779,13 @@ int protect(int fd, size_t count, unsigned long offset, int prot)
|
|||
|
||||
if (check_fd(fd))
|
||||
return -errno;
|
||||
if (offset >= f->size)
|
||||
return 0;
|
||||
if (count > f->size - offset)
|
||||
count = f->size - offset;
|
||||
|
||||
dev = f->dev;
|
||||
|
||||
fsdrv = dev_to_fs_driver(dev);
|
||||
|
||||
if (f->pos + count > f->size)
|
||||
count = f->size - f->pos;
|
||||
|
||||
if (fsdrv->protect)
|
||||
ret = fsdrv->protect(dev, f, count, offset, prot);
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue