summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMario Six <mario.six@gdsys.cc>2018-01-26 14:43:53 +0100
committerStefan Roese <sr@denx.de>2018-01-29 07:48:59 +0100
commit5701ba82894d679eb42df5d0b93a2d44b3df695d (patch)
treef9da3e31926758b9b6416388077a31fd56615212
parent9dbaebcf9f401c5dcea762e34a3dc8ed10760623 (diff)
cfi_flash: Bound-check index before array access
In a while loop in cfi_flash.c the array "start" is accessed at the index "sector" before the index variable "sector" is bounds-checked, which might lead to accesses beyond the bounds of the array. Swap the order of the checks in the "&&" expression, so that the short-circuit evaluation prevents out-of-bounds array accesses. Signed-off-by: Mario Six <mario.six@gdsys.cc> Signed-off-by: Stefan Roese <sr@denx.de>
-rw-r--r--drivers/mtd/cfi_flash.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c
index 5ba0c5fdecb..61c2e6379db 100644
--- a/drivers/mtd/cfi_flash.c
+++ b/drivers/mtd/cfi_flash.c
@@ -761,8 +761,8 @@ static flash_sect_t find_sector(flash_info_t *info, ulong addr)
if (info != saved_info || sector >= info->sector_count)
sector = 0;
- while ((info->start[sector] < addr) &&
- (sector < info->sector_count - 1))
+ while ((sector < info->sector_count - 1) &&
+ (info->start[sector] < addr))
sector++;
while ((info->start[sector] > addr) && (sector > 0))
/*