flash/nor/core: fix Segmentation fault during flash write of bad formed img
[openocd.git] / src / flash / nor / core.c
index ab69a328bd8497ed3ad41dc29d7ee2e6e9e9accd..7b91e57b2a38a43a15bb70019946d96b30f8e490 100644 (file)
@@ -601,7 +601,7 @@ int flash_write_unlock(struct target *target, struct image *image,
                uint32_t buffer_size;
                uint8_t *buffer;
                int section_last;
-               uint32_t run_address = sections[section]->base_address + section_offset;
+               target_addr_t run_address = sections[section]->base_address + section_offset;
                uint32_t run_size = sections[section]->size - section_offset;
                int pad_bytes = 0;
 
@@ -617,7 +617,7 @@ int flash_write_unlock(struct target *target, struct image *image,
                if (retval != ERROR_OK)
                        goto done;
                if (c == NULL) {
-                       LOG_WARNING("no flash bank found for address %" PRIx32, run_address);
+                       LOG_WARNING("no flash bank found for address " TARGET_ADDR_FMT, run_address);
                        section++;      /* and skip it */
                        section_offset = 0;
                        continue;
@@ -652,7 +652,18 @@ int flash_write_unlock(struct target *target, struct image *image,
                        /* if we have multiple sections within our image,
                         * flash programming could fail due to alignment issues
                         * attempt to rebuild a consecutive buffer for the flash loader */
-                       pad_bytes = (sections[section_last + 1]->base_address) - (run_address + run_size);
+                       target_addr_t run_next_addr = run_address + run_size;
+                       if (sections[section_last + 1]->base_address < run_next_addr) {
+                               LOG_ERROR("Section at " TARGET_ADDR_FMT
+                                       " overlaps section ending at " TARGET_ADDR_FMT,
+                                       sections[section_last + 1]->base_address,
+                                       run_next_addr);
+                               LOG_ERROR("Flash write aborted.");
+                               retval = ERROR_FAIL;
+                               goto done;
+                       }
+
+                       pad_bytes = sections[section_last + 1]->base_address - run_next_addr;
                        padding[section_last] = pad_bytes;
                        run_size += sections[++section_last]->size;
                        run_size += pad_bytes;

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)