From d71e88ecfb0af51f4df21e0a81b04a46ac590798 Mon Sep 17 00:00:00 2001
From: Grant Pannell
Date: Fri, 6 Sep 2024 22:35:53 +0930
Subject: [PATCH] erasure_layout: Fix init_eraseblock segmentation fault

Fix a segmentation fault that is caused by accessing an invalid "subedata" pointer on the last iteration of the init_eraseblock loop. Instead, short circuit the loop condition to check the sub block index first, and do not access the invalid pointer if it is the last sub block.

Issue was encountered in:
- OS: OpenBSD 7.5 amd64
- Compiler: clang 16.0.6
- Chip: Macronix MX25U6435E/F

BUG=https://ticket.coreboot.org/issues/555
Change-Id: I61bf0d93aa9f0b2b420b146be16fcd5124f0dc5d
Signed-off-by: Grant Pannell
Reviewed-on: https://review.coreboot.org/c/flashrom/+/84234
Tested-by: build bot (Jenkins)
Reviewed-by: DigitalDJ
Reviewed-by: Anastasia Klimchuk
---
 erasure_layout.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/erasure_layout.c b/erasure_layout.c
index c1368e770..c3a415b71 100644
--- a/erasure_layout.c
+++ b/erasure_layout.c
@@ -52,8 +52,8 @@ static void init_eraseblock(struct erase_layout *layout, size_t idx, size_t bloc
 edata->first_sub_block_index = *sub_block_index;
 struct eraseblock_data *subedata = &layout[idx - 1].layout_list[*sub_block_index];
- while (subedata->start_addr >= start_addr && subedata->end_addr <= end_addr &&
- *sub_block_index < layout[idx-1].block_count) {
+ while (*sub_block_index < layout[idx-1].block_count &&
+ subedata->start_addr >= start_addr && subedata->end_addr <= end_addr) {
 (*sub_block_index)++;
 subedata++;
 }
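Review bot: The operand order of the new `while` condition is the entire fix, yet nothing in the code records that `subedata` can be a one-past-the-end pointer into `layout[idx-1].layout_list` once `*sub_block_index` reaches `block_count`, so a later cleanup that reorders the `&&` operands for readability would silently bring the crash back; I'd add a comment above the loop: `/* Check the index first: once every sub block is consumed, subedata points one past the end of layout_list and must not be dereferenced. */`. The initialiser `&layout[idx - 1].layout_list[*sub_block_index]` is itself evaluated with `*sub_block_index` possibly already equal to `block_count`, which is a legal address to form but only safe because the reordered condition never dereferences it. Minor style: the new lines write `idx-1` two lines after the context line writes `idx - 1`, and touching them is the chance to make the spacing match. The signature and the rest of init_eraseblock's body lie outside the hunk, so whether callers guarantee `idx >= 1` (needed for `idx - 1` on a `size_t`) cannot be confirmed from here.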