From: Peter Tyser Date: Thu, 30 Dec 2010 21:47:56 +0000 (-0600) Subject: cmd_jffs2: Fix get_part_sector_size_nor() overflow bug X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=141053d60ac459bc3859c06fe7cf16160077f937;p=project%2Fbcm63xx%2Fu-boot.git cmd_jffs2: Fix get_part_sector_size_nor() overflow bug When a flash partition was positioned at the very top of a 32-bit memory map (eg located at 0xf8000000 with a size of 0x8000000) get_part_sector_size_nor() would incorrectly calculate the partition's ending address to 0x0 due to overflow. When the overflow occurred get_part_sector_size_nor() would falsely return a sector size of 0. A sector size of 0 results in subsequent jffs2 operations failing. To workaround the overflow subtract 1 from calculated address of the partition endpoint. Signed-off-by: Peter Tyser --- diff --git a/common/cmd_jffs2.c b/common/cmd_jffs2.c index 0e7a6b0f3b..27296ddd7d 100644 --- a/common/cmd_jffs2.c +++ b/common/cmd_jffs2.c @@ -281,7 +281,7 @@ static inline u32 get_part_sector_size_nor(struct mtdids *id, struct part_info * flash = &flash_info[id->num]; start_phys = flash->start[0] + part->offset; - end_phys = start_phys + part->size; + end_phys = start_phys + part->size - 1; for (i = 0; i < flash->sector_count; i++) { if (flash->start[i] >= end_phys)
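Review bot: The unchanged loop test `flash->start[i] >= end_phys` in get_part_sector_size_nor() was written for an exclusive end address, but after `end_phys = start_phys + part->size - 1;` the variable holds the address of the partition's last byte. The result is the same as long as no sector starts on the final byte of a partition, but the comparison would be clearer as `flash->start[i] > end_phys`, with a short comment on the assignment saying that end_phys is inclusive and why (the exclusive end wraps to 0x0 for a partition ending at the top of the 32-bit map). The new expression also has its own wrap case: if part->size is 0, end_phys becomes start_phys - 1, which lies below the partition start and wraps to 0xffffffff when start_phys is 0. Consider rejecting a zero-size partition before this calculation, or documenting that callers never pass one.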