[PATCH v1 0/2] cmd: ubi: check 'updating' before calling ubi_more_update_data()

If 0 is passed to the 'bytes' parameter in the ubi_start_update(), there is no need to call the ubi_more_update_data(). Otherwise, there will be a double-free of 'vol->upd_buf'.
Also check that the ubi_start_update() was called before calling the ubi_more_update_data().
Martin Kurbanov (2):
  cmd: ubi: remove redundant initializations
  cmd: ubi: check 'updating' before calling ubi_more_update_data()

 cmd/ubi.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

Signed-off-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
---
 cmd/ubi.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/cmd/ubi.c b/cmd/ubi.c index 0a6a80bdd1..a9c5560182 100644 --- a/cmd/ubi.c +++ b/cmd/ubi.c @@ -249,7 +249,7 @@ static int ubi_create_vol(char *volume, int64_t size, int dynamic, int vol_id,
static struct ubi_volume *ubi_find_volume(char *volume) { - struct ubi_volume *vol = NULL; + struct ubi_volume *vol; int i;
for (i = 0; i < ubi->vtbl_slots; i++) { @@ -356,7 +356,7 @@ static int ubi_rename_vol(char *oldname, char *newname)
static int ubi_volume_continue_write(char *volume, void *buf, size_t size) { - int err = 1; + int err; struct ubi_volume *vol;
vol = ubi_find_volume(volume); @@ -392,8 +392,8 @@ static int ubi_volume_continue_write(char *volume, void *buf, size_t size) int ubi_volume_begin_write(char *volume, void *buf, size_t size, size_t full_size) { - int err = 1; - int rsvd_bytes = 0; + int err; + int rsvd_bytes; struct ubi_volume *vol;
vol = ubi_find_volume(volume); @@ -574,7 +574,7 @@ static int ubi_detach(void) int ubi_part(char *part_name, const char *vid_header_offset) { struct mtd_info *mtd; - int err = 0; + int err;
if (ubi && ubi->mtd && !strcmp(ubi->mtd->name, part_name)) { printf("UBI partition '%s' already selected\n", part_name); @@ -605,7 +605,7 @@ int ubi_part(char *part_name, const char *vid_header_offset)
static int do_ubi(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { - int64_t size = 0; + int64_t size; ulong addr = 0; bool skipcheck = false;
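
Review bot: in the ubi_find_volume() hunk, dropping the `= NULL` initializer from `vol` is only safe if the not-found path returns a literal NULL rather than `vol`, and the visible context stops at the `for (i = 0; i < ubi->vtbl_slots; i++) {` line, so this cannot be confirmed from the hunk. Callers depend on a NULL result (ubi_volume_continue_write() tests `vol == NULL`), so if the function returns `vol` after the loop, a table with zero slots would hand them an indeterminate pointer. Please state in the commit message that the fall-through path does not read `vol`, or keep the initializer here.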
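
Review bot: in the do_ubi() hunk, `int64_t size` loses its `= 0` while the neighbouring `ulong addr = 0;` and `bool skipcheck = false;` keep theirs, and the patch has no description explaining why only some initializers count as redundant. Since do_ubi() dispatches on argc/argv, please add a commit body saying that `size` (and `rsvd_bytes` in ubi_volume_begin_write()) is assigned before first use on every path, and how that was checked, for example a build with uninitialized-variable warnings enabled.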

If 0 is passed to the 'bytes' parameter in the ubi_start_update(), there is no need to call the ubi_more_update_data(). Otherwise, there will be a double-free of 'vol->upd_buf'.
Also check that the ubi_start_update() was called before calling the ubi_more_update_data().
Signed-off-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
---
 cmd/ubi.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/cmd/ubi.c b/cmd/ubi.c index a9c5560182..d252d6387f 100644 --- a/cmd/ubi.c +++ b/cmd/ubi.c @@ -363,6 +363,11 @@ static int ubi_volume_continue_write(char *volume, void *buf, size_t size) if (vol == NULL) return ENODEV;
+ if (!vol->updating) { + printf("UBI volume update was not initiated\n"); + return EINVAL; + } + err = ubi_more_update_data(ubi, vol, buf, size); if (err < 0) { printf("Couldnt or partially wrote data\n"); @@ -412,6 +417,10 @@ int ubi_volume_begin_write(char *volume, void *buf, size_t size, return -err; }
+ /* The volume is just wiped out */ + if (!full_size) + return 0; + return ubi_volume_continue_write(volume, buf, size); }
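
Review bot: the new `!vol->updating` check in ubi_volume_continue_write() returns a positive `EINVAL`, while the lines directly below it treat `err < 0` as failure and ubi_volume_begin_write() returns `-err`. This matches the existing `return ENODEV;` above it, but a caller that only tests for a negative result will take the rejected write as success. Please confirm that callers check for non-zero, or document the sign convention of this function next to the new check.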
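
Review bot: the `if (!full_size) return 0;` early return in ubi_volume_begin_write() also discards a non-zero `size`, so a caller that passes data together with full_size == 0 gets success with nothing written. Consider rejecting that combination or printing a message. The comment `/* The volume is just wiped out */` would also be more useful if it said that ubi_start_update() with 0 bytes leaves nothing for ubi_more_update_data() to do, which is the double free of `vol->upd_buf` the commit message describes.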

Hello. Please, ping
On 16.06.2024 16:34, Martin Kurbanov wrote:
If 0 is passed to the 'bytes' parameter in the ubi_start_update(), there is no need to call the ubi_more_update_data(). Otherwise, there will be a double-free of 'vol->upd_buf'.
Also check that the ubi_start_update() was called before calling the ubi_more_update_data().
Martin Kurbanov (2):
  cmd: ubi: remove redundant initializations
  cmd: ubi: check 'updating' before calling ubi_more_update_data()

 cmd/ubi.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)