sys64738
/
mspdebug
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed BSL memory range checking.

This commit is contained in:
Daniel Beer 2010-09-25 20:29:38 +12:00
parent f72feebb06
commit 09813e3129
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bsl.c
View File

@ -263,6 +263,11 @@ static int bsl_writemem(device_t dev_base,
{ {
struct bsl_device *dev = (struct bsl_device *)dev_base; struct bsl_device *dev = (struct bsl_device *)dev_base;
if (addr >= 0x10000 || len > 0x10000 || addr + len > 0x10000) {
printc_err("bsl: memory write out of range\n");
return -1;
}
while (len) { while (len) {
int wlen = len > 100 ? 100 : len; int wlen = len > 100 ? 100 : len;
int r; int r;
@ -288,7 +293,7 @@ static int bsl_readmem(device_t dev_base,
{ {
struct bsl_device *dev = (struct bsl_device *)dev_base; struct bsl_device *dev = (struct bsl_device *)dev_base;
if ((addr | len | (addr + len)) & 0xffff0000) { if (addr >= 0x10000 || len > 0x10000 || addr + len > 0x10000) {
printc_err("bsl: memory read out of range\n"); printc_err("bsl: memory read out of range\n");
return -1; return -1;
} }

4
flash_bsl.c
View File

@ -278,7 +278,7 @@ static int flash_bsl_readmem(device_t dev_base,
uint16_t read_size; uint16_t read_size;
int ret; int ret;
if (addr > 0xfffff || addr + len > 0xfffff) { if (addr > 0xfffff || addr + len > 0x100000) {
printc_err("flash_bsl: read exceeds possible range\n"); printc_err("flash_bsl: read exceeds possible range\n");
return -1; return -1;
} }
@ -466,7 +466,7 @@ static int flash_bsl_writemem(device_t dev_base,
uint16_t write_size; uint16_t write_size;
int n_recv; int n_recv;
if (addr > 0xfffff || addr + len > 0xfffff) { if (addr > 0xfffff || addr + len > 0x100000) {
printc_err("flash_bsl: write exceeds possible range\n"); printc_err("flash_bsl: write exceeds possible range\n");
return -1; return -1;
} }