[PATCH v1] mmc: fix signed vs unsigned compare in read check in _spl_load()
Franco VENTURI
fventuri at comcast.net
Wed Jul 31 15:10:44 CEST 2024
Sean, thanks for the quick response.
I just resubmitted version 2 of that patch with a cast to int.
Franco
> On 07/31/2024 8:52 AM EDT Sean Anderson <seanga2 at gmail.com> wrote:
>
>
> Hi Franco,
>
> On 7/30/24 09:30, Franco Venturi wrote:
> > Fix signed vs unsigned compare in read check in _spl_load()
> >
> > Issue: when info->read() returns a negative value because of an error,
> > the comparison of 'read' (signed) with 'sizeof(*header)'
> > (unsigned silently converts the negative value into a very
> > large unsigned value and the check on the error condition
> > always return false, i.e. the error is not detected
> > Symptoms: if spl_load_image_fat() is unable to find the file 'uImage',
> > the SPL phase of the boot process just hangs after displaying
> > the following line:
> > Trying to boot from MMC1
> > Fix: first check if 'read' is negative then check its value against
> > 'sizeof(*header)'
> > Reference: https://stackoverflow.com/questions/17293749/sizeof-operator-in-if-statement
> >
> > Signed-off-by: Franco Venturi <fventuri at comcast.net>
> > ---
> >
> > include/spl_load.h | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/include/spl_load.h b/include/spl_load.h
> > index 1c2b296c0a..1e05599d29 100644
> > --- a/include/spl_load.h
> > +++ b/include/spl_load.h
> > @@ -22,7 +22,7 @@ static inline int _spl_load(struct spl_image_info *spl_image,
> >
> > read = info->read(info, offset, ALIGN(sizeof(*header),
> > spl_get_bl_len(info)), header);
> > - if (read < sizeof(*header))
> > + if (read < 0 || read < sizeof(*header))
> > return -EIO;
> >
> > if (image_get_magic(header) == FDT_MAGIC) {
>
> Since read and int and sizeof(*header) < INT_MAX, I think the best solution is
> to cast the latter to an int.
>
> --Sean
More information about the U-Boot
mailing list