From ef9ca5f928a9ebe4a3f8551698ea4f20f52f6652 Mon Sep 17 00:00:00 2001
From: Nick Foster <nick@nerdnetworks.org>
Date: Thu, 21 Apr 2011 11:00:08 -0700
Subject: N210: Additional checks on both the host and firmware sides of the
 firmware updater.

---
 firmware/zpu/usrp2p/spi_flash.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'firmware')

diff --git a/firmware/zpu/usrp2p/spi_flash.c b/firmware/zpu/usrp2p/spi_flash.c
index 25fc239be..2033b8035 100644
--- a/firmware/zpu/usrp2p/spi_flash.c
+++ b/firmware/zpu/usrp2p/spi_flash.c
@@ -51,6 +51,8 @@ void
 spi_flash_erase_sector_start(uint32_t flash_addr)
 {
   //uprintf(UART_DEBUG, "spi_flash_erase_sector_start: addr = 0x%x\n", flash_addr);
+  if(flash_addr > spi_flash_memory_size())
+    return;
 
   spi_flash_wait();
   spi_flash_write_enable();
@@ -65,6 +67,10 @@ spi_flash_page_program_start(uint32_t flash_addr, size_t nbytes, const void *buf
   if (nbytes == 0 || nbytes > SPI_FLASH_PAGE_SIZE)
     return false;
 
+  //please to not be writing past the end of the device
+  if ((flash_addr + nbytes) > spi_flash_memory_size())
+    return false;
+
   uint32_t local_buf[SPI_FLASH_PAGE_SIZE / sizeof(uint32_t)];
   memset(local_buf, 0xff, sizeof(local_buf));	// init to 0xff (nops when programming)
   memcpy(local_buf, buf, nbytes);
@@ -130,6 +136,8 @@ spi_flash_program(uint32_t flash_addr, size_t nbytes, const void *buf)
   const unsigned char *p = (const unsigned char *) buf;
   size_t n;
 
+  if ((nbytes + flash_addr) > spi_flash_memory_size())
+    return false;
   if (nbytes == 0)
     return true;
 
@@ -158,7 +166,7 @@ void
 spi_flash_async_erase_start(spi_flash_async_state_t *s,
 			    uint32_t flash_addr, size_t nbytes)
 {
-  if (nbytes == 0){
+  if ((nbytes == 0) || ((flash_addr + nbytes) > spi_flash_memory_size())){
     s->first = s->last = s->current = 0;
     return;
   }
-- 
cgit v1.2.3


From 44c8069855aff9adb65448692de3272d0bb1603a Mon Sep 17 00:00:00 2001
From: Nick Foster <nick@nerdnetworks.org>
Date: Wed, 13 Apr 2011 12:21:28 -0700
Subject: USRP2/N210: firmware UART read no longer drops 20th char

---
 firmware/zpu/lib/hal_io.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'firmware')

diff --git a/firmware/zpu/lib/hal_io.c b/firmware/zpu/lib/hal_io.c
index 1d137943c..4ed694b9d 100644
--- a/firmware/zpu/lib/hal_io.c
+++ b/firmware/zpu/lib/hal_io.c
@@ -255,12 +255,14 @@ fngets(hal_uart_name_t u, char * const s, int len)
 int
 fngets_noblock(hal_uart_name_t u, char * const s, int len)
 {
-  char *x = s;
-
-  while(((*x=(char)hal_uart_getc_noblock(u)) != '\n') && (*x != 255) && ((x-s) < len)) x++;
-  *x = 0;
-  //printf("Returning from fngets() with string %d of length %d\n", s[0], x-s);
-  return (x-s);
+  int i;
+  for(i=0; i < len; i++) {
+      s[i] = (char) hal_uart_getc_noblock(u);
+      if((s[i] == 255) || (s[i] == '\n')) break;
+  }
+  s[i] = 0;
+
+  return i;
 }
 
 char *
-- 
cgit v1.2.3