Refs #476. Added evaluation of the len-parameter in functions FlashErase and FlashWrite of all ports.

git-svn-id: https://svn.code.sf.net/p/openblt/code/trunk@422 5dc33758-31d5-4daf-9ae8-b24bf3d40d73

Target/Source/ARM7_LPC2000/flash.c

@@ -43,6 +43,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (512)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Entry address for the IAP algorithms, enabling a switch to thumb mode. */
 #define IAP_ENTRY_ADDRESS               (0x7ffffff1)
 /** \brief IAP prepare sectos command code. */
@@ -276,6 +279,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -309,6 +318,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM0_STM32F0/flash.c

@@ -44,6 +44,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (512)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 #if (BOOT_NVM_SIZE_KB > 64)
 /** \brief Number of bytes to erase per erase operation. */
 #define FLASH_ERASE_BLOCK_SIZE          (0x800)
@@ -269,6 +272,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -302,6 +311,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM0_XMC1/flash.c

@@ -47,6 +47,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (256)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Offset into the user program's vector table where the checksum is located.
  *         For this target it is set to the end of the vector table. Note that the
  *         value can be overriden in blt_conf.h, because the size of the vector table
@@ -295,6 +298,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -328,6 +337,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM3_EFM32/flash.c

@@ -44,6 +44,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (512)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Offset into the user program's vector table where the checksum is located. 
  *         For this target it is set to the end of the vector table. Note that the 
  *         value can be overriden in blt_conf.h, because the size of the vector table
@@ -266,6 +269,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -299,6 +308,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM3_LM3S/flash.c

@@ -46,6 +46,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (512)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Number of bytes to erase per erase operation. */
 #define FLASH_ERASE_BLOCK_SIZE          (0x400)
 /** \brief Offset into the user program's vector table where the checksum is located. 
@@ -267,6 +270,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -300,6 +309,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM3_STM32F1/flash.c

@@ -43,6 +43,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (512)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 #if (BOOT_NVM_SIZE_KB > 128)
 /** \brief Number of bytes to erase per erase operation. */
 #define FLASH_ERASE_BLOCK_SIZE          (0x800)
@@ -298,6 +301,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -331,6 +340,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM3_STM32F2/flash.c

@@ -44,6 +44,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (512)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Offset into the user program's vector table where the checksum is located. 
  *         For this target it is set to the end of the vector table. Note that the 
  *         value can be overriden in blt_conf.h, because the size of the vector table
@@ -259,6 +262,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+  
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -292,6 +301,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+  
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM4_STM32F3/flash.c

@@ -254,6 +254,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS))
   {
@@ -291,11 +297,17 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   FLASH_EraseInitTypeDef eraseInitStruct;
   blt_bool result = BLT_TRUE;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* determine the base address for the erase operation, by aligning to
    * FLASH_ERASE_SECTOR_SIZE.
    */
   erase_base_addr = (addr/FLASH_ERASE_SECTOR_SIZE)*FLASH_ERASE_SECTOR_SIZE;
-
+  
   /* make sure the addresses are within the flash device */
   if ((erase_base_addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS))
   {

Target/Source/ARMCM4_STM32F4/flash.c

@@ -45,6 +45,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (512)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Offset into the user program's vector table where the checksum is located. 
  *         For this target it is set to the end of the vector table. Note that the 
  *         value can be overriden in blt_conf.h, because the size of the vector table
@@ -282,6 +285,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -315,6 +324,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM4_STM32L4/flash.c

@@ -30,7 +30,8 @@
 * Include files
 ****************************************************************************************/
 #include "boot.h"                                /* bootloader generic header          */
-#include "stm32l4xx.h"                           /* STM32 CPU and HAL header           */
+#include "stm32l4xx.h"                           /* STM32 CPU and HAL header           */
+
 
 
 /****************************************************************************************
@@ -268,6 +269,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS))
   {
@@ -307,6 +314,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int32u dummy;
   FLASH_EraseInitTypeDef eraseInitStruct;
   
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+  
   /* determine the base address for the erase operation, by aligning to
    * FLASH_ERASE_SECTOR_SIZE.
    */

Target/Source/ARMCM4_TM4C/flash.c

@@ -48,6 +48,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (1024)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Number of bytes to erase per erase operation. */
 #define FLASH_ERASE_BLOCK_SIZE          (0x400)
 /** \brief Offset into the user program's vector table where the checksum is located. 
@@ -269,6 +272,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -302,6 +311,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/ARMCM4_XMC4/flash.c

@@ -46,6 +46,9 @@
 #define FLASH_WRITE_BLOCK_SIZE          (1024)
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS             (sizeof(flashLayout)/sizeof(flashLayout[0]))
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS               (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                         flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
 /** \brief Offset into the user program's vector table where the checksum is located.
  *         For this target it is set to the end of the vector table. Note that the
  *         value can be overriden in blt_conf.h, because the size of the vector table
@@ -281,6 +284,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
   /* automatically translate cached memory addresses to non-cached */
   addr = FlashTranslateToNonCachedAddress(addr);
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+  
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -317,6 +326,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   /* automatically translate cached memory addresses to non-cached */
   addr = FlashTranslateToNonCachedAddress(addr);
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+  
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);

Target/Source/HCS12/flash.c

@@ -444,11 +444,17 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
   blt_addr base_addr;
   blt_addr last_block_base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((addr < FLASH_START_ADDRESS) || ((addr+len-1) > FLASH_END_ADDRESS))
   {
     return BLT_FALSE;
-  }
+  }          
 
   /* determine the start address of the last block in flash */
   last_block_base_addr = flashLayout[FLASH_LAST_SECTOR_IDX].sector_start + \
@@ -483,6 +489,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int32u total_erase_len;
   blt_int16u block_cnt;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* determine the base address for the erase operation, by aligning to
    * FLASH_ERASE_BLOCK_SIZE.
    */

Target/Source/TRICORE_TC1798/flash.c

@@ -48,6 +48,10 @@
 /** \brief Total numbers of sectors in array flashLayout[]. */
 #define FLASH_TOTAL_SECTORS     (sizeof(flashLayout)/sizeof(flashLayout[0]))
 
+/** \brief End address of the bootloader programmable flash. */
+#define FLASH_END_ADDRESS       (flashLayout[FLASH_TOTAL_SECTORS-1].sector_start + \
+                                 flashLayout[FLASH_TOTAL_SECTORS-1].sector_size - 1)
+
 /** \brief The flash driver is setup to operate on the cached PFLASH addresses, whereas
  *         the actual PFLASH commands should operate on non-cached addresses. This
  *         macro defines the offset between cached (80xxxxxxh) and non-cached
@@ -278,6 +282,12 @@ blt_bool FlashWrite(blt_addr addr, blt_int32u len, blt_int8u *data)
 {
   blt_addr base_addr;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* make sure the addresses are within the flash device */
   if ((FlashGetSector(addr) == FLASH_INVALID_SECTOR) || \
       (FlashGetSector(addr+len-1) == FLASH_INVALID_SECTOR))
@@ -311,6 +321,12 @@ blt_bool FlashErase(blt_addr addr, blt_int32u len)
   blt_int8u first_sector;
   blt_int8u last_sector;
 
+  /* validate the len parameter */
+  if ((len - 1) > (FLASH_END_ADDRESS - addr))
+  {
+    return BLT_FALSE;
+  }
+
   /* obtain the first and last sector number */
   first_sector = FlashGetSector(addr);
   last_sector  = FlashGetSector(addr+len-1);