From: Taylor Hutt thutt@chromium.org
If a malformed 'read' or 'write' command is issued, the Sandbox U-Boot can crash because the command-handling code does no error checking on the number of provided arguments.
This change makes the mmc 'erase', 'read' and 'write' commands only function if the proper number of arguments are supplied.
Also puts the else assignment at the beginning fo the if() statement to shortens the generated code. This removes an unnecessary jump from the generated code.
BRANCH=none Signed-off-by: Taylor Hutt thutt@chromium.org Signed-off-by: Simon Glass sjg@chromium.org --- common/cmd_mmc.c | 9 ++++----- 1 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/common/cmd_mmc.c b/common/cmd_mmc.c index 79a1088..735947b 100644 --- a/common/cmd_mmc.c +++ b/common/cmd_mmc.c @@ -250,14 +250,13 @@ int do_mmcops(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return 0; }
- if (strcmp(argv[1], "read") == 0) + state = MMC_INVALID; + if (argc == 5 && strcmp(argv[1], "read") == 0) state = MMC_READ; - else if (strcmp(argv[1], "write") == 0) + else if (argc == 5 && strcmp(argv[1], "write") == 0) state = MMC_WRITE; - else if (strcmp(argv[1], "erase") == 0) + else if (argc == 4 && strcmp(argv[1], "erase") == 0) state = MMC_ERASE; - else - state = MMC_INVALID;
if (state != MMC_INVALID) { struct mmc *mmc = find_mmc_device(curr_device);