From d92773b2057ef163cd062b2408b99bdc3404f905 Mon Sep 17 00:00:00 2001
From: Bohdan Tymkiv <bhdt@cypress.com>
Date: Thu, 3 May 2018 22:50:58 +0300
Subject: [PATCH 1/1] flash/nor/tcl.c: fix flash bank bounds check in 'flash
 fill' command handler

Steps to reproduce ( STM32F103 'Blue Pill', 128KiB of flash ):
> flash fillh 0x0801FFFE 00 1
wrote 2 bytes to 0x0801fffe in 0.019088s (0.102 KiB/s)
> flash fillw 0x0801FFFE 00 1
Error: stm32f1x.cpu -- clearing lockup after double fault
Error: error waiting for target flash write algorithm
Error: error writing to flash at address 0x08000000 at offset 0x0001fffe

Change-Id: I145092ec5e45bc586b3df48bf37c38c9226915c1
Signed-off-by: Bohdan Tymkiv <bhdt@cypress.com>
Reviewed-on: http://openocd.zylin.com/4516
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
---
 src/flash/nor/tcl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/flash/nor/tcl.c b/src/flash/nor/tcl.c
index b4f375fe71..95ca8192f7 100644
--- a/src/flash/nor/tcl.c
+++ b/src/flash/nor/tcl.c
@@ -506,7 +506,7 @@ COMMAND_HANDLER(handle_flash_fill_command)
 	if (count == 0)
 		return ERROR_OK;
 
-	if (address + count >= bank->base + bank->size) {
+	if (address + count * wordsize > bank->base + bank->size) {
 		LOG_ERROR("Cannot cross flash bank borders");
 		return ERROR_FAIL;
 	}
-- 
2.30.2