author | Nicholas Piggin <npiggin@gmail.com> | 2018-10-18 00:45:32 +1000 |
---|---|---|
committer | Stewart Smith <stewart@linux.ibm.com> | 2018-10-23 20:08:21 -0500 |
commit | 12b74c455bede6a402fb7f44aca5df9186652e74 (patch) | |
tree | b8ba7e2a6070f28cae3cc7f7a8b3dbdc2e20e698 /core/flash-subpartition.c | |
parent | 6ed87dbdd66b1451635bd0f0c4deb0fa8f07c78a (diff) | |
core/flash: NULL pointer dereference fixes
These were caught with unmapped memory dereference page faults.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
Diffstat (limited to 'core/flash-subpartition.c')
-rw-r--r-- | core/flash-subpartition.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/core/flash-subpartition.c b/core/flash-subpartition.c
index 641448d..7931790 100644
--- a/core/flash-subpartition.c
+++ b/core/flash-subpartition.c
@@ -32,17 +32,18 @@ struct flash_hostboot_header {
 };
 int flash_subpart_info(void *part_header, uint32_t header_len,
- uint32_t part_size, uint32_t *part_actual,
+ uint32_t part_size, uint32_t *part_actualp,
 uint32_t subid, uint32_t *offset, uint32_t *size)
 {
 struct flash_hostboot_header *header;
 char eyecatcher[5];
 uint32_t i, ec, o, s;
+ uint32_t part_actual;
 bool subpart_found;
- if (!part_header || ( !offset && !size && !part_actual)) {
+ if (!part_header || ( !offset && !size && !part_actualp)) {
 prlog(PR_ERR, "FLASH: invalid parameters: ph %p of %p sz %p "
- "tsz %p\n", part_header, offset, size, part_actual);
+ "tsz %p\n", part_header, offset, size, part_actualp);
 return OPAL_PARAMETER;
 }
@@ -68,7 +69,7 @@ int flash_subpart_info(void *part_header, uint32_t header_len,
 eyecatcher);
 subpart_found = false;
- *part_actual = 0;
+ part_actual = 0;
 for (i = 0; i < FLASH_HOSTBOOT_TOC_MAX_ENTRIES; i++) {
 ec = be32_to_cpu(header->toc[i].ec);
@@ -97,8 +98,8 @@ int flash_subpart_info(void *part_header, uint32_t header_len,
 * Subpartitions content are different, but multiple toc entries
 * may point to the same subpartition.
 */
- if (ALIGN_UP(o + s, FLASH_SUBPART_HEADER_SIZE) > *part_actual)
- *part_actual = ALIGN_UP(o + s, FLASH_SUBPART_HEADER_SIZE);
+ if (ALIGN_UP(o + s, FLASH_SUBPART_HEADER_SIZE) > part_actual)
+ part_actual = ALIGN_UP(o + s, FLASH_SUBPART_HEADER_SIZE);
 if (ec == subid) {
 if (offset)
@@ -112,5 +113,7 @@ int flash_subpart_info(void *part_header, uint32_t header_len,
 prerror("FLASH: flash subpartition not found.\n");
 return OPAL_RESOURCE;
 }
+ if (part_actualp)
+ *part_actualp = part_actual;
 return OPAL_SUCCESS;
 } |
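Review bot: The guard in the first hunk rejects only the case where `offset`, `size` and `part_actualp` are all NULL, but nothing on `flash_subpart_info` states that each out-pointer is individually optional, which is the contract this fix now depends on. A short comment above the function would make that explicit, for example `/* offset, size and part_actualp may each be NULL; at least one must be non-NULL. */`. The function body continues outside this hunk, so whether `size` is guarded the same way as the `if (offset)` seen further down cannot be confirmed from here.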
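Review bot: `o + s` is evaluated in 32 bits on both changed lines of the third hunk, and `ec` is visibly read from the flash TOC, so if `o` and `s` come from the same header and are not bounded against `part_size` in the lines between the hunks (not shown here), the sum or the `ALIGN_UP` result can wrap and leave `part_actual` smaller than the real extent. Computing the value once removes the duplicated expression and gives a single place for a range check: `uint32_t end = ALIGN_UP(o + s, FLASH_SUBPART_HEADER_SIZE);` followed by `if (end > part_actual) part_actual = end;`. The loop body starts and ends outside this hunk.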
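Review bot: With the write-back in the last hunk placed after the not-found return, `*part_actualp` is no longer written on that failure path, whereas the old code zeroed it up front and updated it while walking the TOC. A caller that reads its variable after `OPAL_RESOURCE` (callers are not visible here) would now see whatever the variable held before the call. Either state the contract in a comment, `/* *part_actualp is written only on OPAL_SUCCESS */`, or move the two added lines above the not-found branch if the computed size is meant to be available in that case as well.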