
This patch adds a safety check to the CFI flash driver. If the config file defines a flash smaller (maybe intentionally) than the physical one, the CFI code will read the actual size from the EPROM and will try to initialize a buffer of the wrong size, which will cause a memory overrun and unpredictable behaviour.
================ sof ===================
diff -x .svn -Nuar u-boot.git/drivers/cfi_flash.c u-boot-exsw6000/drivers/cfi_flash.c
--- u-boot.git/drivers/cfi_flash.c 2007-05-28 02:11:11.000000000 +0300
+++ u-boot-exsw6000/drivers/cfi_flash.c 2007-06-03 22:13:42.000000000 +0300
@@ -1281,7 +1281,7 @@
 erase_region_count = (tmp & 0xffff) + 1;
 debug ("erase_region_count = %d erase_region_size = %d\n",
 erase_region_count, erase_region_size);
- for (j = 0; j < erase_region_count; j++) {
+ for (j = 0; j < erase_region_count && sect_cnt < CFG_MAX_FLASH_SECT; j++) {
 info->start[sect_cnt] = sector;
 sector += (erase_region_size * size_ratio);
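Review bot: The new bound `sect_cnt < CFG_MAX_FLASH_SECT` stops the write past the end of `info->start[]`, but it truncates the sector table silently, so a device with more sectors than the table holds is left looking fully detected while the sectors beyond the table are simply dropped. The condition should be followed by a diagnostic when it trips, e.g. after the loop `if (j < erase_region_count) printf ("sector table full (CFG_MAX_FLASH_SECT=%d), remaining sectors ignored\n", CFG_MAX_FLASH_SECT);`, so the mismatch between config and hardware is visible at boot rather than only in a later erase or protect failure. Unless CONFIG_FORCE_FLASH_BANK_SIZE is also set, `info->size` presumably still carries the CFI-reported device size, which no longer agrees with the area the truncated table covers. The enclosing erase-region loop and the function itself start and end outside this hunk.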
@@ -1323,6 +1323,9 @@
 }
 flash_write_cmd (info, 0, 0, info->cmd_reset);
+#if defined(CONFIG_FORCE_FLASH_BANK_SIZE)
+ info->size = CONFIG_FORCE_FLASH_BANK_SIZE;
+#endif
 return (info->size);
 }
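Review bot: `info->size` is overwritten unconditionally after the CFI query, with no check that CONFIG_FORCE_FLASH_BANK_SIZE is not larger than the size the device reported or than the area covered by the sector table built earlier in this function; a forced value above the physical size would move the very inconsistency this patch targets into any caller that presumably derives addresses from `info->size`. The override should only be allowed to shrink the bank: `if (CONFIG_FORCE_FLASH_BANK_SIZE < info->size) info->size = CONFIG_FORCE_FLASH_BANK_SIZE;` with a comment `/* config may shrink the bank below the CFI-reported size, never grow it */`. Because this is a single compile-time constant, it also applies to every bank probed by this function, which should be stated wherever the option is documented if that is intended. The function's start and its sector loop lie outside this hunk.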
================ eof ===================