NOR/CFI: check "flash bank" command arguments

Arguments chip_width and bus_width of command "flash bank" are
not fully checked.
While bus_width is later on redundantly checked in several other
parts (e.g. in cfi_command_val()) and generates run-time error,
chip_width is never checked, nor related to actual bus_width
value.
Added check to avoid:
- (chip_width == 0), that would mean no memory chip at all,
  avoiding also division by zero e.g. in cfi_get_u8();
- (bus_width == 0), that would mean no bus at all;
- unsupported cases of chip_width or bus_width value not power
  of 2;
- unsupported case of chip width wider than bus.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>

diff --git a/src/flash/nor/cfi.c b/src/flash/nor/cfi.c
index 2235c85ce39f16e83eae9fac580952b0b2cef78f..ba2d9095f1ddc603882ea4fcf94c4a29128fb6fa 100644 (file)
--- a/src/flash/nor/cfi.c
+++ b/src/flash/nor/cfi.c
@@ -624,8 +624,18 @@ FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
                return ERROR_FLASH_BANK_INVALID;
        }
 
+       /* both widths must:
+        * - not exceed max value;
+        * - not be null;
+        * - be equal to a power of 2.
+        * bus must be wide enought to hold one chip */
        if ((bank->chip_width > CFI_MAX_CHIP_WIDTH)
-                       || (bank->bus_width > CFI_MAX_BUS_WIDTH))
+                       || (bank->bus_width > CFI_MAX_BUS_WIDTH)
+                       || (bank->chip_width == 0)
+                       || (bank->bus_width == 0)
+                       || (bank->chip_width & (bank->chip_width - 1))
+                       || (bank->bus_width & (bank->bus_width - 1))
+                       || (bank->chip_width > bank->bus_width))
        {
                LOG_ERROR("chip and bus width have to specified in bytes");
                return ERROR_FLASH_BANK_INVALID;