[PATCH] spl: spl_load: fix comparison between negative error code and unsigned size
Sean Anderson
seanga2 at gmail.com
Wed Sep 11 02:48:29 CEST 2024
On 8/30/24 23:17, Daniel Palmer wrote:
> read could be a negative error value but size in spl_image is unsigned
> so when they are compared read is used as if it's a unsigned value
> and if it's negative it'll most likely be bigger than size and the
> result will be true and _spl_load() will return 0 to the caller.
Then cast spl_image->size to long.
> This results in the caller to _spl_load() not seeing that an error happened
> as it should and continuing as if the load was completed when it might
> not have been.
>
> Check if read is negative and return it's value if it is before comparing
> against size in spl_image.
>
> Signed-off-by: Daniel Palmer <daniel at 0x0f.com>
> ---
> include/spl_load.h | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/include/spl_load.h b/include/spl_load.h
> index 1c2b296c0a2c..7de834f402b8 100644
> --- a/include/spl_load.h
> +++ b/include/spl_load.h
> @@ -83,6 +83,10 @@ static inline int _spl_load(struct spl_image_info *spl_image,
>
> read = info->read(info, offset + image_offset, size,
> map_sysmem(spl_image->load_addr - overhead, size));
> +
> + if (read < 0)
> + return read;
> +
> return read < spl_image->size ? -EIO : 0;
> }
>
More information about the U-Boot
mailing list