[U-Boot] crash when doing `sf probe` multiple times due to API miscommunication
Mike Frysinger
vapier at gentoo.org
Thu Dec 11 21:52:25 CET 2008
the `sf probe` command does:

static int do_spi_flash_probe(...)
{
	...
	new = spi_flash_probe(bus, cs, speed, mode);
	if (flash)
		spi_flash_free(flash);
	flash = new;
	...
}

looks good ... if the user ran `sf probe` once already, then we need to free
that structure ...
however, let's take a look at spi_flash_probe ...

struct spi_flash *spi_flash_probe(...)
{
	...
	case 0x01: flash = spi_flash_probe_atmel(spi, idcode);
	...
	case 0x1F: flash = spi_flash_probe_spansion(spi, idcode);
	...
	case 0x20: flash = spi_flash_probe_stmicro(spi, idcode);
	...
	return flash;
}

and so we descend another level ...

struct spi_flash *spi_flash_probe_stmicro(...)
{
	...
	stm = malloc(sizeof(struct stmicro_spi_flash));
	...
	return &stm->flash;
}

struct spi_flash *spi_flash_probe_atmel(...)
{
	...
	asf = malloc(sizeof(struct atmel_spi_flash));
	...
	return &asf->flash;
}

clearly this isn't lining up. the `sf` command expects to be given back
malloced memory, not a pointer to the middle of a malloc. so calling free()
on the pointer returned is invalid (and in my case, crashes the board most of
the time).
-mike
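
The mismatch described in the message above, as an added example that is not part of the original post and is not U-Boot code: the caller holds a pointer into the middle of the allocation, so release has to go through driver code that knows the offset. The struct layouts, the `release` hook and the `reprobe()` helper are simplified assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified stand-ins; field layout and the release hook are assumptions. */
struct spi_flash {
	void (*release)(struct spi_flash *flash);	/* hypothetical per-driver hook */
};

struct stmicro_spi_flash {
	const void *params;		/* precedes 'flash', so &stm->flash != stm */
	struct spi_flash flash;
};

static int released;	/* counts blocks handed back to the allocator */

/* How far the pointer the caller receives sits from the malloc() base. */
size_t interior_offset(void)
{
	return offsetof(struct stmicro_spi_flash, flash);
}

/* Steps back to the start of the allocation before freeing it. */
static void stmicro_release(struct spi_flash *flash)
{
	free((char *)flash - interior_offset());
	released++;
}

struct spi_flash *probe_stmicro(void)
{
	struct stmicro_spi_flash *stm = malloc(sizeof(*stm));
	if (!stm)
		return NULL;
	stm->params = NULL;
	stm->flash.release = stmicro_release;
	return &stm->flash;	/* interior pointer, as in the post */
}

/* Mirrors the re-probe sequence in do_spi_flash_probe(). */
static struct spi_flash *current;
int reprobe(void)
{
	struct spi_flash *fresh = probe_stmicro();
	if (!fresh)
		return -1;
	if (current)
		current->release(current);	/* never free(current) directly */
	current = fresh;
	return 0;
}
```

Placing the embedded `struct spi_flash` first in each driver struct would make the offset zero, but that relies on every driver keeping the convention, whereas the hook keeps the knowledge of the layout next to the `malloc()` call.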