If 0 is passed to the 'bytes' parameter in the ubi_start_update(), there is no need to call the ubi_more_update_data(). Otherwise, there will be a double-free of 'vol->upd_buf'.
Also check that the ubi_start_update() was called before calling the ubi_more_update_data().
Signed-off-by: Martin Kurbanov mmkurbanov@salutedevices.com --- cmd/ubi.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/cmd/ubi.c b/cmd/ubi.c index a9c5560182..d252d6387f 100644 --- a/cmd/ubi.c +++ b/cmd/ubi.c @@ -363,6 +363,11 @@ static int ubi_volume_continue_write(char *volume, void *buf, size_t size) if (vol == NULL) return ENODEV;
+ if (!vol->updating) { + printf("UBI volume update was not initiated\n"); + return EINVAL; + } + err = ubi_more_update_data(ubi, vol, buf, size); if (err < 0) { printf("Couldnt or partially wrote data\n"); @@ -412,6 +417,10 @@ int ubi_volume_begin_write(char *volume, void *buf, size_t size, return -err; }
+ /* The volume is just wiped out */ + if (!full_size) + return 0; + return ubi_volume_continue_write(volume, buf, size); }