[U-Boot] [PATCH 13/17] mmc: Fix incorrect handling of 'read' & 'write' commands

Simon Glass sjg at chromium.org
Sat Nov 3 01:27:29 CET 2012


From: Taylor Hutt <thutt at chromium.org>

If a malformed 'read' or 'write' command is issued, the Sandbox U-Boot
can crash because the command-handling code does no error checking on
the number of provided arguments.

This change makes the mmc 'erase', 'read' and 'write' commands only
function if the proper number of arguments are supplied.

Also puts the else assignment at the beginning fo the if() statement
to shortens the generated code.  This removes an unnecessary jump from
the generated code.

BRANCH=none
Signed-off-by: Taylor Hutt <thutt at chromium.org>
Signed-off-by: Simon Glass <sjg at chromium.org>
---
 common/cmd_mmc.c |    9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/common/cmd_mmc.c b/common/cmd_mmc.c
index 79a1088..735947b 100644
--- a/common/cmd_mmc.c
+++ b/common/cmd_mmc.c
@@ -250,14 +250,13 @@ int do_mmcops(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 		return 0;
 	}
 
-	if (strcmp(argv[1], "read") == 0)
+	state = MMC_INVALID;
+	if (argc == 5 && strcmp(argv[1], "read") == 0)
 		state = MMC_READ;
-	else if (strcmp(argv[1], "write") == 0)
+	else if (argc == 5 && strcmp(argv[1], "write") == 0)
 		state = MMC_WRITE;
-	else if (strcmp(argv[1], "erase") == 0)
+	else if (argc == 4 && strcmp(argv[1], "erase") == 0)
 		state = MMC_ERASE;
-	else
-		state = MMC_INVALID;
 
 	if (state != MMC_INVALID) {
 		struct mmc *mmc = find_mmc_device(curr_device);
-- 
1.7.7.3



More information about the U-Boot mailing list