openwrt/flashrom
1
0
Fork 0
mirror of https://review.coreboot.org/flashrom.git synced 2025-04-27 23:22:37 +02:00
Code Issues Releases Wiki Activity

Improve debugging for unaligned erase in the flash chip emulator

Browse Source 
Fix out-of-bounds access for chip erase in the flash chip emulator.

Corresponding to flashrom svn r1259.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Acked-by: David Hendricks <dhendrix@google.com>
This commit is contained in:
Carl-Daniel Hailfinger 2011-02-04 22:52:04 +00:00
parent 9a1105cfff
commit 146b77d777
1 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
dummyflasher.c
View File

@ -395,7 +395,7 @@ static int emulate_spi_chip_response(unsigned int writecnt, unsigned int readcnt
} }
offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3]; offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3];
if (offs & (emu_jedec_se_size - 1)) if (offs & (emu_jedec_se_size - 1))
msg_pdbg("Unaligned SECTOR ERASE 0x20\n"); msg_pdbg("Unaligned SECTOR ERASE 0x20: 0x%x\n", offs);
offs &= ~(emu_jedec_se_size - 1); offs &= ~(emu_jedec_se_size - 1);
memset(flashchip_contents + offs, 0xff, emu_jedec_se_size); memset(flashchip_contents + offs, 0xff, emu_jedec_se_size);
break; break;
@ -412,7 +412,7 @@ static int emulate_spi_chip_response(unsigned int writecnt, unsigned int readcnt
} }
offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3]; offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3];
if (offs & (emu_jedec_be_52_size - 1)) if (offs & (emu_jedec_be_52_size - 1))
msg_pdbg("Unaligned BLOCK ERASE 0x52\n"); msg_pdbg("Unaligned BLOCK ERASE 0x52: 0x%x\n", offs);
offs &= ~(emu_jedec_be_52_size - 1); offs &= ~(emu_jedec_be_52_size - 1);
memset(flashchip_contents + offs, 0xff, emu_jedec_be_52_size); memset(flashchip_contents + offs, 0xff, emu_jedec_be_52_size);
break; break;
@ -429,7 +429,7 @@ static int emulate_spi_chip_response(unsigned int writecnt, unsigned int readcnt
} }
offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3]; offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3];
if (offs & (emu_jedec_be_d8_size - 1)) if (offs & (emu_jedec_be_d8_size - 1))
msg_pdbg("Unaligned BLOCK ERASE 0xd8\n"); msg_pdbg("Unaligned BLOCK ERASE 0xd8: 0x%x\n", offs);
offs &= ~(emu_jedec_be_d8_size - 1); offs &= ~(emu_jedec_be_d8_size - 1);
memset(flashchip_contents + offs, 0xff, emu_jedec_be_d8_size); memset(flashchip_contents + offs, 0xff, emu_jedec_be_d8_size);
break; break;
@ -444,12 +444,9 @@ static int emulate_spi_chip_response(unsigned int writecnt, unsigned int readcnt
msg_perr("CHIP ERASE 0x60 insize invalid!\n"); msg_perr("CHIP ERASE 0x60 insize invalid!\n");
return 1; return 1;
} }
offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3]; /* JEDEC_CE_60_OUTSIZE is 1 (no address) -> no offset. */
if (offs & (emu_jedec_ce_60_size - 1))
msg_pdbg("Unaligned CHIP ERASE 0x60\n");
offs &= ~(emu_jedec_ce_60_size - 1);
/* emu_jedec_ce_60_size is emu_chip_size. */ /* emu_jedec_ce_60_size is emu_chip_size. */
memset(flashchip_contents + offs, 0xff, emu_jedec_ce_60_size); memset(flashchip_contents, 0xff, emu_jedec_ce_60_size);
break; break;
case JEDEC_CE_C7: case JEDEC_CE_C7:
if (!emu_jedec_ce_c7_size) if (!emu_jedec_ce_c7_size)
@ -462,10 +459,7 @@ static int emulate_spi_chip_response(unsigned int writecnt, unsigned int readcnt
msg_perr("CHIP ERASE 0xc7 insize invalid!\n"); msg_perr("CHIP ERASE 0xc7 insize invalid!\n");
return 1; return 1;
} }
offs = writearr[1] << 16 | writearr[2] << 8 | writearr[3]; /* JEDEC_CE_C7_OUTSIZE is 1 (no address) -> no offset. */
if (offs & (emu_jedec_ce_c7_size - 1))
msg_pdbg("Unaligned CHIP ERASE 0xc7\n");
offs &= ~(emu_jedec_ce_c7_size - 1);
/* emu_jedec_ce_c7_size is emu_chip_size. */ /* emu_jedec_ce_c7_size is emu_chip_size. */
memset(flashchip_contents, 0xff, emu_jedec_ce_c7_size); memset(flashchip_contents, 0xff, emu_jedec_ce_c7_size);
break; break;