diff options
author | Przemyslaw Marczak <p.marczak@samsung.com> | 2014-12-15 10:34:11 +0100 |
---|---|---|
committer | Lukasz Majewski <l.majewski@samsung.com> | 2014-12-18 12:26:06 +0100 |
commit | f597fc3d4c4f73d45670649d6f3e678934139c25 (patch) | |
tree | e08769af067fa6e5a1bf8fb2c48e073967e114e5 /drivers/dfu | |
parent | 62a96d805f6f212250f5590d6afadf3645837f36 (diff) |
dfu: dfu_get_buf: check the value of env dfu_bufsiz before use
In function dfu_get_buf(), the size of allocated buffer could
be defined by the env variable. The size from this variable
was passed for memalign() without checking its value.
And the the memalign will return non null pointer for size 0.
This could possibly cause data abort, so now the value of var
is checked before use. And if this variable is set to 0 then
the default size will be used.
This commit also changes the base passed to simple_strtoul()
to 0. Now decimal and hex values can be used for the variable
dfu_bufsiz.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[TestHW: Exynos4412-Trats2]
Diffstat (limited to 'drivers/dfu')
-rw-r--r-- | drivers/dfu/dfu.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/drivers/dfu/dfu.c b/drivers/dfu/dfu.c index 648f26105da..ad0a7e7c25f 100644 --- a/drivers/dfu/dfu.c +++ b/drivers/dfu/dfu.c @@ -95,8 +95,12 @@ unsigned char *dfu_get_buf(struct dfu_entity *dfu) return dfu_buf; s = getenv("dfu_bufsiz"); - dfu_buf_size = s ? (unsigned long)simple_strtol(s, NULL, 16) : - CONFIG_SYS_DFU_DATA_BUF_SIZE; + if (s) + dfu_buf_size = (unsigned long)simple_strtol(s, NULL, 0); + + if (!s || !dfu_buf_size) + dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE; + if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size) dfu_buf_size = dfu->max_buf_size; |