From: Roel Kluin Date: Fri, 18 Sep 2009 19:51:49 +0000 (-0700) Subject: mtd: mtdconcat: prevent a read from eraseregions[-1] X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ebf2e93036907fe2a7ddab942aa63d35f97f3b2b;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git mtd: mtdconcat: prevent a read from eraseregions[-1] If the erase region was found in the first iteration we read from eraseregions[-1] Signed-off-by: Roel Kluin Signed-off-by: Andrew Morton Signed-off-by: David Woodhouse --- diff --git a/drivers/mtd/mtdconcat.c b/drivers/mtd/mtdconcat.c index 792b547786b8..db6de74082ad 100644 --- a/drivers/mtd/mtdconcat.c +++ b/drivers/mtd/mtdconcat.c @@ -427,7 +427,7 @@ static int concat_erase(struct mtd_info *mtd, struct erase_info *instr) * to-be-erased area begins. Verify that the starting * offset is aligned to this region's erase size: */ - if (instr->addr & (erase_regions[i].erasesize - 1)) + if (i < 0 || instr->addr & (erase_regions[i].erasesize - 1)) return -EINVAL; /* @@ -440,8 +440,8 @@ static int concat_erase(struct mtd_info *mtd, struct erase_info *instr) /* * check if the ending offset is aligned to this region's erase size */ - if ((instr->addr + instr->len) & (erase_regions[i].erasesize - - 1)) + if (i < 0 || ((instr->addr + instr->len) & + (erase_regions[i].erasesize - 1))) return -EINVAL; }