[PATCH] spl: spl_load: fix comparison between negative error code and unsigned size

Sean Anderson seanga2 at gmail.com
Wed Sep 11 02:48:29 CEST 2024


On 8/30/24 23:17, Daniel Palmer wrote:
> read could be a negative error value but size in spl_image is unsigned
> so when they are compared read is used as if it's a unsigned value
> and if it's negative it'll most likely be bigger than size and the
> result will be true and _spl_load() will return 0 to the caller.

Then cast spl_image->size to long.

> This results in the caller to _spl_load() not seeing that an error happened
> as it should and continuing as if the load was completed when it might
> not have been.
> 
> Check if read is negative and return it's value if it is before comparing
> against size in spl_image.
> 
> Signed-off-by: Daniel Palmer <daniel at 0x0f.com>
> ---
>   include/spl_load.h | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/include/spl_load.h b/include/spl_load.h
> index 1c2b296c0a2c..7de834f402b8 100644
> --- a/include/spl_load.h
> +++ b/include/spl_load.h
> @@ -83,6 +83,10 @@ static inline int _spl_load(struct spl_image_info *spl_image,
>   
>   	read = info->read(info, offset + image_offset, size,
>   			  map_sysmem(spl_image->load_addr - overhead, size));
> +
> +	if (read < 0)
> +		return read;
> +
>   	return read < spl_image->size ? -EIO : 0;
>   }
>   



More information about the U-Boot mailing list