Hi Daniel, On Fri, 30 Aug 2024 at 21:17, Daniel Palmer <dan...@0x0f.com> wrote: > > read could be a negative error value but size in spl_image is unsigned > so when they are compared read is used as if it's a unsigned value > and if it's negative it'll most likely be bigger than size and the > result will be true and _spl_load() will return 0 to the caller. > > This results in the caller to _spl_load() not seeing that an error happened > as it should and continuing as if the load was completed when it might > not have been. > > Check if read is negative and return it's value if it is before comparing > against size in spl_image. > > Signed-off-by: Daniel Palmer <dan...@0x0f.com> > --- > include/spl_load.h | 4 ++++ > 1 file changed, 4 insertions(+)
Reviewed-by: Simon Glass <s...@chromium.org> > > diff --git a/include/spl_load.h b/include/spl_load.h > index 1c2b296c0a2c..7de834f402b8 100644 > --- a/include/spl_load.h > +++ b/include/spl_load.h > @@ -83,6 +83,10 @@ static inline int _spl_load(struct spl_image_info > *spl_image, > > read = info->read(info, offset + image_offset, size, > map_sysmem(spl_image->load_addr - overhead, size)); > + > + if (read < 0) > + return read; > + > return read < spl_image->size ? -EIO : 0; > } > > -- > 2.43.0 >
