diff --git a/Target/Source/ARM7_LPC2000/flash.c b/Target/Source/ARM7_LPC2000/flash.c index 8676b9a2..ba3724ee 100644 --- a/Target/Source/ARM7_LPC2000/flash.c +++ b/Target/Source/ARM7_LPC2000/flash.c @@ -43,6 +43,9 @@ #define FLASH_WRITE_BLOCK_SIZE (512) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Entry address for the IAP algorithms, enabling a switch to thumb mode. */ #define IAP_ENTRY_ADDRESS (0x7ffffff1) /** \brief IAP prepare sectos command code. */ @@ -276,6 +279,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -309,6 +318,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM0_STM32F0/flash.c b/Target/Source/ARMCM0_STM32F0/flash.c index 4db666ea..927d4d15 100644 --- a/Target/Source/ARMCM0_STM32F0/flash.c +++ b/Target/Source/ARMCM0_STM32F0/flash.c @@ -44,6 +44,9 @@ #define FLASH_WRITE_BLOCK_SIZE (512) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) #if (BOOT_NVM_SIZE_KB > 64) /** \brief Number of bytes to erase per erase operation. */ #define FLASH_ERASE_BLOCK_SIZE (0x800) @@ -269,6 +272,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -302,6 +311,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM0_XMC1/flash.c b/Target/Source/ARMCM0_XMC1/flash.c index 0a057ab7..939cf2e4 100644 --- a/Target/Source/ARMCM0_XMC1/flash.c +++ b/Target/Source/ARMCM0_XMC1/flash.c @@ -47,6 +47,9 @@ #define FLASH_WRITE_BLOCK_SIZE (256) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Offset into the user program's vector table where the checksum is located. * For this target it is set to the end of the vector table. Note that the * value can be overriden in blt_conf.h, because the size of the vector table @@ -295,6 +298,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -328,6 +337,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM3_EFM32/flash.c b/Target/Source/ARMCM3_EFM32/flash.c index 37bd261a..f5c5bccd 100644 --- a/Target/Source/ARMCM3_EFM32/flash.c +++ b/Target/Source/ARMCM3_EFM32/flash.c @@ -44,6 +44,9 @@ #define FLASH_WRITE_BLOCK_SIZE (512) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Offset into the user program's vector table where the checksum is located. * For this target it is set to the end of the vector table. Note that the * value can be overriden in blt_conf.h, because the size of the vector table @@ -266,6 +269,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -299,6 +308,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM3_LM3S/flash.c b/Target/Source/ARMCM3_LM3S/flash.c index d5f23e3c..689f15dd 100644 --- a/Target/Source/ARMCM3_LM3S/flash.c +++ b/Target/Source/ARMCM3_LM3S/flash.c @@ -46,6 +46,9 @@ #define FLASH_WRITE_BLOCK_SIZE (512) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Number of bytes to erase per erase operation. */ #define FLASH_ERASE_BLOCK_SIZE (0x400) /** \brief Offset into the user program's vector table where the checksum is located. @@ -267,6 +270,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -300,6 +309,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM3_STM32F1/flash.c b/Target/Source/ARMCM3_STM32F1/flash.c index 5e91a5ba..3acaee03 100644 --- a/Target/Source/ARMCM3_STM32F1/flash.c +++ b/Target/Source/ARMCM3_STM32F1/flash.c @@ -43,6 +43,9 @@ #define FLASH_WRITE_BLOCK_SIZE (512) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) #if (BOOT_NVM_SIZE_KB > 128) /** \brief Number of bytes to erase per erase operation. */ #define FLASH_ERASE_BLOCK_SIZE (0x800) @@ -298,6 +301,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -331,6 +340,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM3_STM32F2/flash.c b/Target/Source/ARMCM3_STM32F2/flash.c index d4419093..0ce677e4 100644 --- a/Target/Source/ARMCM3_STM32F2/flash.c +++ b/Target/Source/ARMCM3_STM32F2/flash.c @@ -44,6 +44,9 @@ #define FLASH_WRITE_BLOCK_SIZE (512) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Offset into the user program's vector table where the checksum is located. * For this target it is set to the end of the vector table. Note that the * value can be overriden in blt_conf.h, because the size of the vector table @@ -259,6 +262,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -292,6 +301,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM4_STM32F3/flash.c b/Target/Source/ARMCM4_STM32F3/flash.c index 5d476ab5..9877c6c0 100644 --- a/Target/Source/ARMCM4_STM32F3/flash.c +++ b/Target/Source/ARMCM4_STM32F3/flash.c @@ -254,6 +254,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS)) { @@ -291,11 +297,17 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) FLASH_EraseInitTypeDef eraseInitStruct; blt_bool result = BLT_TRUE; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* determine the base address for the erase operation, by aligning to * FLASH_ERASE_SECTOR_SIZE. */ erase_base_addr = (addr/FLASH_ERASE_SECTOR_SIZE)*FLASH_ERASE_SECTOR_SIZE; - + /* make sure the addresses are within the flash device */ if ((erase_base_addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS)) { diff --git a/Target/Source/ARMCM4_STM32F4/flash.c b/Target/Source/ARMCM4_STM32F4/flash.c index b0b28b71..dc1d7400 100644 --- a/Target/Source/ARMCM4_STM32F4/flash.c +++ b/Target/Source/ARMCM4_STM32F4/flash.c @@ -45,6 +45,9 @@ #define FLASH_WRITE_BLOCK_SIZE (512) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Offset into the user program's vector table where the checksum is located. * For this target it is set to the end of the vector table. Note that the * value can be overriden in blt_conf.h, because the size of the vector table @@ -282,6 +285,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -315,6 +324,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM4_STM32L4/flash.c b/Target/Source/ARMCM4_STM32L4/flash.c index 581bc26f..3f81adbf 100644 --- a/Target/Source/ARMCM4_STM32L4/flash.c +++ b/Target/Source/ARMCM4_STM32L4/flash.c @@ -30,7 +30,8 @@ * Include files ****************************************************************************************/ #include "boot.h" /* bootloader generic header */ -#include "stm32l4xx.h" /* STM32 CPU and HAL header */ +#include "stm32l4xx.h" /* STM32 CPU and HAL header */ + /**************************************************************************************** @@ -268,6 +269,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS)) { @@ -307,6 +314,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int32u dummy; FLASH_EraseInitTypeDef eraseInitStruct; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* determine the base address for the erase operation, by aligning to * FLASH_ERASE_SECTOR_SIZE. */ diff --git a/Target/Source/ARMCM4_TM4C/flash.c b/Target/Source/ARMCM4_TM4C/flash.c index 62130df3..4ad58152 100644 --- a/Target/Source/ARMCM4_TM4C/flash.c +++ b/Target/Source/ARMCM4_TM4C/flash.c @@ -48,6 +48,9 @@ #define FLASH_WRITE_BLOCK_SIZE (1024) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Number of bytes to erase per erase operation. */ #define FLASH_ERASE_BLOCK_SIZE (0x400) /** \brief Offset into the user program's vector table where the checksum is located. @@ -269,6 +272,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -302,6 +311,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/ARMCM4_XMC4/flash.c b/Target/Source/ARMCM4_XMC4/flash.c index 565a97b6..d4cf326e 100644 --- a/Target/Source/ARMCM4_XMC4/flash.c +++ b/Target/Source/ARMCM4_XMC4/flash.c @@ -46,6 +46,9 @@ #define FLASH_WRITE_BLOCK_SIZE (1024) /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) /** \brief Offset into the user program's vector table where the checksum is located. * For this target it is set to the end of the vector table. Note that the * value can be overriden in blt_conf.h, because the size of the vector table @@ -281,6 +284,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) /* automatically translate cached memory addresses to non-cached */ addr = FlashTranslateToNonCachedAddress(addr); + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -317,6 +326,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) /* automatically translate cached memory addresses to non-cached */ addr = FlashTranslateToNonCachedAddress(addr); + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1); diff --git a/Target/Source/HCS12/flash.c b/Target/Source/HCS12/flash.c index fdb27f4f..d4bf66eb 100644 --- a/Target/Source/HCS12/flash.c +++ b/Target/Source/HCS12/flash.c @@ -444,11 +444,17 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) blt_addr base_addr; blt_addr last_block_base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS)) { return BLT_FALSE; - } + } /* determine the start address of the last block in flash */ last_block_base_addr = flashLayout[FLASH_LAST_SECTOR_IDX].sector_start + \ @@ -483,6 +489,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int32u total_erase_len; blt_int16u block_cnt; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* determine the base address for the erase operation, by aligning to * FLASH_ERASE_BLOCK_SIZE. */ diff --git a/Target/Source/TRICORE_TC1798/flash.c b/Target/Source/TRICORE_TC1798/flash.c index d850699a..78033e22 100644 --- a/Target/Source/TRICORE_TC1798/flash.c +++ b/Target/Source/TRICORE_TC1798/flash.c @@ -48,6 +48,10 @@ /** \brief Total numbers of sectors in array flashLayout[]. */ #define FLASH_TOTAL_SECTORS (sizeof(flashLayout)/sizeof(flashLayout[0])) +/** \brief End address of the bootloader programmable flash. */ +#define FLASH_END_ADDRESS (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \ + flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1) + /** \brief The flash driver is setup to operate on the cached PFLASH addresses, whereas * the actual PFLASH commands should operate on non-cached addresses. This * macro defines the offset between cached (80xxxxxxh) and non-cached @@ -278,6 +282,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data) { blt_addr base_addr; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* make sure the addresses are within the flash device */ if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \ (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR)) @@ -311,6 +321,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len) blt_int8u first_sector; blt_int8u last_sector; + /* validate the len parameter */ + if ((len - 1) > (FLASH_END_ADDRESS - addr)) + { + return BLT_FALSE; + } + /* obtain the first and last sector number */ first_sector = FlashGetSector(addr); last_sector = FlashGetSector(addr+len-1);