From: Øyvind Harboe <oyvind.harboe@zylin.com>
Date: Fri, 10 Sep 2010 08:22:14 +0000 (+0200)
Subject: cfi: random crash in cfi_probe() fixed
X-Git-Tag: v0.5.0-rc1~427
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8c21659d2a81912c2d591d3889893040d1aa9028;p=openocd

cfi: random crash in cfi_probe() fixed

for non_cfi cfi chips free() was invoked on rodata.

The mystery is why this bug has survived for so long.

Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
---

diff --git a/src/flash/nor/non_cfi.c b/src/flash/nor/non_cfi.c
index e0ea568a..569ffc5f 100644
--- a/src/flash/nor/non_cfi.c
+++ b/src/flash/nor/non_cfi.c
@@ -486,7 +486,11 @@ void cfi_fixup_non_cfi(struct flash_bank *bank)
 	cfi_info->max_buf_write_size = non_cfi->max_buf_write_size;
 	cfi_info->status_poll_mask = non_cfi->status_poll_mask;
 	cfi_info->num_erase_regions = non_cfi->num_erase_regions;
-	cfi_info->erase_region_info = non_cfi->erase_region_info;
+	size_t erase_region_info_size = sizeof(*cfi_info->erase_region_info) *
+			cfi_info->num_erase_regions;
+	cfi_info->erase_region_info = malloc(erase_region_info_size);
+	memcpy(cfi_info->erase_region_info,
+			non_cfi->erase_region_info, erase_region_info_size);
 	cfi_info->dev_size = non_cfi->dev_size;
 
 	if (cfi_info->pri_id == 0x2)