summaryrefslogtreecommitdiff
path: root/drivers/dfu
diff options
context:
space:
mode:
authorPrzemyslaw Marczak <p.marczak@samsung.com>2014-12-15 10:34:11 +0100
committerLukasz Majewski <l.majewski@samsung.com>2014-12-18 12:26:06 +0100
commitf597fc3d4c4f73d45670649d6f3e678934139c25 (patch)
treee08769af067fa6e5a1bf8fb2c48e073967e114e5 /drivers/dfu
parent62a96d805f6f212250f5590d6afadf3645837f36 (diff)
dfu: dfu_get_buf: check the value of env dfu_bufsiz before use
In function dfu_get_buf(), the size of allocated buffer could be defined by the env variable. The size from this variable was passed for memalign() without checking its value. And the the memalign will return non null pointer for size 0. This could possibly cause data abort, so now the value of var is checked before use. And if this variable is set to 0 then the default size will be used. This commit also changes the base passed to simple_strtoul() to 0. Now decimal and hex values can be used for the variable dfu_bufsiz. Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com> Tested-by: Lukasz Majewski <l.majewski@samsung.com> [TestHW: Exynos4412-Trats2]
Diffstat (limited to 'drivers/dfu')
-rw-r--r--drivers/dfu/dfu.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/drivers/dfu/dfu.c b/drivers/dfu/dfu.c
index 648f26105da..ad0a7e7c25f 100644
--- a/drivers/dfu/dfu.c
+++ b/drivers/dfu/dfu.c
@@ -95,8 +95,12 @@ unsigned char *dfu_get_buf(struct dfu_entity *dfu)
return dfu_buf;
s = getenv("dfu_bufsiz");
- dfu_buf_size = s ? (unsigned long)simple_strtol(s, NULL, 16) :
- CONFIG_SYS_DFU_DATA_BUF_SIZE;
+ if (s)
+ dfu_buf_size = (unsigned long)simple_strtol(s, NULL, 0);
+
+ if (!s || !dfu_buf_size)
+ dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
+
if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size)
dfu_buf_size = dfu->max_buf_size;