[PATCH v1] mmc: fix signed vs unsigned compare in read check in _spl_load()

Franco Venturi fventuri at comcast.net
Tue Jul 30 15:30:32 CEST 2024


Fix signed vs unsigned compare in read check in _spl_load()

Issue: when info->read() returns a negative value because of an error,
       the comparison of 'read' (signed) with 'sizeof(*header)'
       (unsigned silently converts the negative value into a very
       large unsigned value and the check on the error condition
       always return false, i.e. the error is not detected
Symptoms: if spl_load_image_fat() is unable to find the file 'uImage',
          the SPL phase of the boot process just hangs after displaying
          the following line:
          Trying to boot from MMC1
Fix: first check if 'read' is negative then check its value against
     'sizeof(*header)'
Reference: https://stackoverflow.com/questions/17293749/sizeof-operator-in-if-statement

Signed-off-by: Franco Venturi <fventuri at comcast.net>
---

 include/spl_load.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/spl_load.h b/include/spl_load.h
index 1c2b296c0a..1e05599d29 100644
--- a/include/spl_load.h
+++ b/include/spl_load.h
@@ -22,7 +22,7 @@ static inline int _spl_load(struct spl_image_info *spl_image,
 
 	read = info->read(info, offset, ALIGN(sizeof(*header),
 					      spl_get_bl_len(info)), header);
-	if (read < sizeof(*header))
+	if (read < 0 || read < sizeof(*header))
 		return -EIO;
 
 	if (image_get_magic(header) == FDT_MAGIC) {
-- 
2.45.2



More information about the U-Boot mailing list