In a while loop in cfi_flash.c the array "start" is accessed at the index
"sector" before the index variable "sector" is bounds-checked, which
might lead to accesses beyond the bounds of the array.
Swap the order of the checks in the "&&" expression, so that the
short-circuit evaluation prevents out-of-bounds array accesses.
Signed-off-by: Mario Six <mario....@gdsys.cc>
---
drivers/mtd/cfi_flash.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c
index 93bf9ed539..40a3544e5b 100644
--- a/drivers/mtd/cfi_flash.c
+++ b/drivers/mtd/cfi_flash.c
@@ -760,8 +760,8 @@ static flash_sect_t find_sector(flash_info_t *info, ulong
addr)
if (info != saved_info || sector >= info->sector_count)
sector = 0;
- while ((info->start[sector] < addr) &&
- (sector < info->sector_count - 1))
+ while ((sector < info->sector_count - 1) &&
+ (info->start[sector] < addr))
sector++;
while ((info->start[sector] > addr) && (sector > 0))
/*
--
2.11.0
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
