spl: spl_load: fix comparison between negative error code and unsigned size
authorDaniel Palmer <daniel@0x0f.com>
Sat, 31 Aug 2024 03:17:06 +0000 (12:17 +0900)
committerTom Rini <trini@konsulko.com>
Tue, 10 Sep 2024 19:15:13 +0000 (13:15 -0600)
read could be a negative error value but size in spl_image is unsigned
so when they are compared read is used as if it's a unsigned value
and if it's negative it'll most likely be bigger than size and the
result will be true and _spl_load() will return 0 to the caller.

This results in the caller to _spl_load() not seeing that an error happened
as it should and continuing as if the load was completed when it might
not have been.

Check if read is negative and return it's value if it is before comparing
against size in spl_image.

Signed-off-by: Daniel Palmer <daniel@0x0f.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
include/spl_load.h

index 83db3812029831d516e4e26292347cc1a1e7179c..935f7d336f2ba59a345dfbd8fc6595989be0dbca 100644 (file)
@@ -83,6 +83,10 @@ static inline int _spl_load(struct spl_image_info *spl_image,
 
        read = info->read(info, offset + image_offset, size,
                          map_sysmem(spl_image->load_addr - overhead, size));
+
+       if (read < 0)
+               return read;
+
        return read < spl_image->size ? -EIO : 0;
 }