On Sun, Dec 11, 2016 at 08:16:31PM +0000, Nick Dyer wrote:
> On Sun, Dec 11, 2016 at 12:03:49AM -0800, Dmitry Torokhov wrote:
> > On Sun, Dec 11, 2016 at 12:18:26AM +0000, Nick Dyer wrote:
> > > +static void rmi_f34v7_parse_img_header_10_bl_container(struct f34_data 
> > > *f34,
> > > +                                                const u8 *image)
> > > +{
> > > + int i;
> > > + int num_of_containers;
> > > + unsigned int addr;
> > > + unsigned int container_id;
> > > + unsigned int length;
> > > + const u8 *content;
> > > + struct container_descriptor *descriptor;
> > > +
> > > + BUG_ON(f34->v7.img.bootloader.size < 4);
> > 
> > Killing the box because you got bad firmware is not very nice...
> > 
> > > +
> > > + num_of_containers = (f34->v7.img.bootloader.size - 4) / 4;
> > 
> > Wouldn't
> > 
> >     num_of_containers = f34->v7.img.bootloader.size / 4 - 1;
> > 
> > give the same result but be less "suspicious". The variable is 'int' so
> > for size < 4 we'll get a negative and the loop won't execute.
> 
> Neat!
> 
> > > +
> > > + for (i = 1; i <= num_of_containers; i++) {
> > > +         addr = get_unaligned_le32(f34->v7.img.bootloader.data + i*4);
> > > +         descriptor = (struct container_descriptor *)(image + addr);
> > 
> > This casts away constness, which is not nice. Does it still work if you
> > apply the below on top?
> 
> I've run it through a few flash cycles with no issues.
> 
> Tested-by: Nick Dyer <n...@shmanahar.org>

Great, I'll fold and apply then. Thanks!

-- 
Dmitry
