From 737f0100431736326e8c586f69a893ba0d6fb2c3 Mon Sep 17 00:00:00 2001 From: Nick Foster Date: Thu, 21 Apr 2011 11:00:08 -0700 Subject: N210: Additional checks on both the host and firmware sides of the firmware updater. --- firmware/zpu/usrp2p/spi_flash.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'firmware/zpu/usrp2p/spi_flash.c') diff --git a/firmware/zpu/usrp2p/spi_flash.c b/firmware/zpu/usrp2p/spi_flash.c index 25fc239be..2033b8035 100644 --- a/firmware/zpu/usrp2p/spi_flash.c +++ b/firmware/zpu/usrp2p/spi_flash.c @@ -51,6 +51,8 @@ void spi_flash_erase_sector_start(uint32_t flash_addr) { //uprintf(UART_DEBUG, "spi_flash_erase_sector_start: addr = 0x%x\n", flash_addr); + if(flash_addr > spi_flash_memory_size()) + return; spi_flash_wait(); spi_flash_write_enable(); @@ -65,6 +67,10 @@ spi_flash_page_program_start(uint32_t flash_addr, size_t nbytes, const void *buf if (nbytes == 0 || nbytes > SPI_FLASH_PAGE_SIZE) return false; + //please to not be writing past the end of the device + if ((flash_addr + nbytes) > spi_flash_memory_size()) + return false; + uint32_t local_buf[SPI_FLASH_PAGE_SIZE / sizeof(uint32_t)]; memset(local_buf, 0xff, sizeof(local_buf)); // init to 0xff (nops when programming) memcpy(local_buf, buf, nbytes); @@ -130,6 +136,8 @@ spi_flash_program(uint32_t flash_addr, size_t nbytes, const void *buf) const unsigned char *p = (const unsigned char *) buf; size_t n; + if ((nbytes + flash_addr) > spi_flash_memory_size()) + return false; if (nbytes == 0) return true; @@ -158,7 +166,7 @@ void spi_flash_async_erase_start(spi_flash_async_state_t *s, uint32_t flash_addr, size_t nbytes) { - if (nbytes == 0){ + if ((nbytes == 0) || ((flash_addr + nbytes) > spi_flash_memory_size())){ s->first = s->last = s->current = 0; return; } -- cgit v1.2.3