You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by ut...@apache.org on 2021/10/06 16:29:04 UTC

[mynewt-mcumgr] branch master updated: zephyr: Fix usage of zephyr_img_mgmt_flash_area_id

This is an automated email from the ASF dual-hosted git repository.

utzig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-mcumgr.git


The following commit(s) were added to refs/heads/master by this push:
     new 2e385b6  zephyr: Fix usage of zephyr_img_mgmt_flash_area_id
2e385b6 is described below

commit 2e385b6f12fac62a30bca174ff770ad71f808375
Author: Dominik Ermel <do...@nordicsemi.no>
AuthorDate: Wed Oct 6 11:42:25 2021 +0000

    zephyr: Fix usage of zephyr_img_mgmt_flash_area_id
    
    The zephyr_img_mgmt_flash_area_id is allowed to return negative
    value as error, but due to lack of checks that value could be
    passed to functions with poor parameter checks, causing a softare
    to crash.
    
    Signed-off-by: Dominik Ermel <do...@nordicsemi.no>
---
 cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c b/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c
index e1cfcdb..d2a56d7 100644
--- a/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c
+++ b/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c
@@ -181,7 +181,7 @@ img_mgmt_get_unused_slot_area_id(int slot)
         for (slot = 0; slot < 2; slot++) {
             if (img_mgmt_slot_in_use(slot) == 0) {
                 int area_id = zephyr_img_mgmt_flash_area_id(slot);
-                if (area_id != -1) {
+                if (area_id >= 0) {
                     return area_id;
                 }
             }
@@ -319,8 +319,13 @@ img_mgmt_impl_read(int slot, unsigned int offset, void *dst,
 {
     const struct flash_area *fa;
     int rc;
+    int area_id = zephyr_img_mgmt_flash_area_id(slot);
 
-    rc = flash_area_open(zephyr_img_mgmt_flash_area_id(slot), &fa);
+    if (area_id < 0) {
+       return MGMT_ERR_EUNKNOWN;
+    }
+
+    rc = flash_area_open(area_id, &fa);
     if (rc != 0) {
       return MGMT_ERR_EUNKNOWN;
     }
@@ -682,8 +687,13 @@ img_mgmt_impl_erased_val(int slot, uint8_t *erased_val)
 {
     const struct flash_area *fa;
     int rc;
+    int area_id = zephyr_img_mgmt_flash_area_id(slot);
+
+    if (area_id < 0) {
+      return MGMT_ERR_EUNKNOWN;
+    }
 
-    rc = flash_area_open(zephyr_img_mgmt_flash_area_id(slot), &fa);
+    rc = flash_area_open(area_id, &fa);
     if (rc != 0) {
       return MGMT_ERR_EUNKNOWN;
     }