Hi,

I see an issue when the u-boot is unable to load (fsload) the kernel or device tree files from NOR flash to RAM, occasionally. I am using u-boot version "U-Boot 2011.12 ".

The root cause seems to be the size of “pL->readbuf” malloc’ed in jffs2_1pass_build_lists () jffs_1pass.c file.

The size used for allocation for 'readbuf' is based on max data size among the fragmented jNodes “node->totlen” (excluding summary nodes). It looks like on the occasions when fsload works, the buffer size is alloc’ed 4164 (empty scan size of 4096 + sizeof jNode 68); this seems to be big enough for every chunk of data read later on in jffs2_1pass_read_inode(). However, on occasions when fsload fails; the size alloc’ed for readbuf is fairly small causing memory corruption in jffs2_1pass_read_inode().

I found couple of ways to workaround the issue (statically alloc readbuf for 4164 or provide null ptr for external buffer in get_node_mem() call in jffs2_1pass_read_inode()).

Why is max_totlen calculation is restricted to size of fragmented nodes and not summary nodes as well?