> +/* AQR firmware doesn't have fixed offsets for iram and dram section
> + * but instead provide an header with the offset to use on reading
> + * and parsing the firmware.
> + *
> + * AQR firmware can't be trusted and each offset is validated to be
> + * not negative and be in the size of the firmware itself.
> + */
> +static inline bool aqr_fw_validate_get(size_t size, size_t offset, size_t get_size)
> +{
> + return size + offset > 0 && offset + get_size <= size;
> +}
Please don't user inline in .c files. The compiler is better at
deciding than we are.
Also, i wounder about size + offset > 0. size_t is unsigned. So they
cannot be negative. So does this test make sense?
> +static int aqr_fw_boot(struct phy_device *phydev, const u8 *data, size_t size,
> + enum aqr_fw_src fw_src)
> +{
> + u16 calculated_crc, read_crc, read_primary_offset;
> + u32 iram_offset = 0, iram_size = 0;
> + u32 dram_offset = 0, dram_size = 0;
> + char version[VERSION_STRING_SIZE];
> + u32 primary_offset = 0;
> + int ret;
> +
> + /* extract saved CRC at the end of the fw
> + * CRC is saved in big-endian as PHY is BE
> + */
> + ret = aqr_fw_get_be16(data, size - sizeof(u16), size, &read_crc);
> + if (ret) {
> + phydev_err(phydev, "bad firmware CRC in firmware\n");
> + return ret;
> + }
So if size < sizeof(u16), we get a very big positive number. The > 0
test does nothing for you here, but the other half of the test does
trap the issue.
So i think you can remove the > 0 test.
Andrew
