From 0eb7fb59a0afe9c82f1f3d3f88fb88e3f04d706a Mon Sep 17 00:00:00 2001 From: Jon Povey Date: Thu, 13 May 2010 18:31:41 +0900 Subject: [PATCH] NAND: fix off-by-one error in erase command argument range MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The last_block argument to nand_erase() is checked against nand->num_blocks, but the highest valid block number is (total - 1), the test for invalid should be ">=" rather than ">". Signed-off-by: Jon Povey Signed-off-by: Øyvind Harboe --- src/flash/nand/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/flash/nand/core.c b/src/flash/nand/core.c index 9013812d..e7634916 100644 --- a/src/flash/nand/core.c +++ b/src/flash/nand/core.c @@ -528,7 +528,7 @@ int nand_erase(struct nand_device *nand, int first_block, int last_block) if (!nand->device) return ERROR_NAND_DEVICE_NOT_PROBED; - if ((first_block < 0) || (last_block > nand->num_blocks)) + if ((first_block < 0) || (last_block >= nand->num_blocks)) return ERROR_INVALID_ARGUMENTS; /* make sure we know if a block is bad before erasing it */ -- 2.39.5