From: Mario Six Date: Fri, 26 Jan 2018 13:43:53 +0000 (+0100) Subject: cfi_flash: Bound-check index before array access X-Git-Tag: v2025.01-rc5-pxa1908~4971^2~3 X-Git-Url: http://git.dujemihanovic.xyz/posts?a=commitdiff_plain;h=5701ba82894d679eb42df5d0b93a2d44b3df695d;p=u-boot.git cfi_flash: Bound-check index before array access In a while loop in cfi_flash.c the array "start" is accessed at the index "sector" before the index variable "sector" is bounds-checked, which might lead to accesses beyond the bounds of the array. Swap the order of the checks in the "&&" expression, so that the short-circuit evaluation prevents out-of-bounds array accesses. Signed-off-by: Mario Six Signed-off-by: Stefan Roese --- diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c index 5ba0c5fdec..61c2e6379d 100644 --- a/drivers/mtd/cfi_flash.c +++ b/drivers/mtd/cfi_flash.c @@ -761,8 +761,8 @@ static flash_sect_t find_sector(flash_info_t *info, ulong addr) if (info != saved_info || sector >= info->sector_count) sector = 0; - while ((info->start[sector] < addr) && - (sector < info->sector_count - 1)) + while ((sector < info->sector_count - 1) && + (info->start[sector] < addr)) sector++; while ((info->start[sector] > addr) && (sector > 0)) /*