From: David Woodhouse Date: Fri, 30 Nov 2007 16:24:52 +0000 (+0000) Subject: [MTD] [NOR] Fix overflow check in jedec_probe X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f6f0f81895ad8272905bf3d637b7c99a62238d79;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git [MTD] [NOR] Fix overflow check in jedec_probe Having laid the code out so that it's easier to read instead of sticking to the 80-column guideline even when it doesn't make sense, a bug is immediately spotted... we were only checking _one_ of the unlock addresses to see if it runs off the end of the map. Signed-off-by: David Woodhouse --- diff --git a/drivers/mtd/chips/jedec_probe.c b/drivers/mtd/chips/jedec_probe.c index cb8c34da360..6041ce8908e 100644 --- a/drivers/mtd/chips/jedec_probe.c +++ b/drivers/mtd/chips/jedec_probe.c @@ -1952,7 +1952,7 @@ static int jedec_probe_chip(struct map_info *map, __u32 base, } /* Ensure the unlock addresses we try stay inside the map */ probe_offset1 = cfi_build_cmd_addr(cfi->addr_unlock1, cfi_interleave(cfi), cfi->device_type); - probe_offset2 = cfi_build_cmd_addr(cfi->addr_unlock1, cfi_interleave(cfi), cfi->device_type); + probe_offset2 = cfi_build_cmd_addr(cfi->addr_unlock2, cfi_interleave(cfi), cfi->device_type); if ( ((base + probe_offset1 + map_bankwidth(map)) >= map->size) || ((base + probe_offset2 + map_bankwidth(map)) >= map->size)) goto retry;