On Sun, Dec 11, 2016 at 12:03:49AM -0800, Dmitry Torokhov wrote:
> On Sun, Dec 11, 2016 at 12:18:26AM +0000, Nick Dyer wrote:
> > +static void rmi_f34v7_parse_img_header_10_bl_container(struct f34_data *f34,
> > + const u8 *image)
> > +{
> > + int i;
> > + int num_of_containers;
> > + unsigned int addr;
> > + unsigned int container_id;
> > + unsigned int length;
> > + const u8 *content;
> > + struct container_descriptor *descriptor;
> > +
> > + BUG_ON(f34->v7.img.bootloader.size < 4);
>
> Killing the box because you got bad firmware is not very nice...
>
> > +
> > + num_of_containers = (f34->v7.img.bootloader.size - 4) / 4;
>
> Wouldn't
>
> num_of_containers = f34->v7.img.bootloader.size / 4 - 1;
>
> give the same result but be less "suspicious". The variable is 'int' so
> for size < 4 we'll get a negative and the loop won't execute.

Neat!

> > +
> > + for (i = 1; i <= num_of_containers; i++) {
> > + addr = get_unaligned_le32(f34->v7.img.bootloader.data + i*4);
> > + descriptor = (struct container_descriptor *)(image + addr);
>
> This casts away constness, which is not nice. Does it still work if you
> apply the below on top?

I've run it through a few flash cycles with no issues.

Tested-by: Nick Dyer <nick@xxxxxxxxxxxxx>

> Thanks!

Thanks for your help with this.

>
> --
> Dmitry
>
>
> Input: synaptics-rmi4 - misc f34v7 changes
>
> From: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
> ---
> drivers/input/rmi4/rmi_f34.h | 6 ++--
> drivers/input/rmi4/rmi_f34v7.c | 64 ++++++++++++++++------------------------
> 2 files changed, 28 insertions(+), 42 deletions(-)
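
Review bot: In the for loop of rmi_f34v7_parse_img_header_10_bl_container(), addr is read from the firmware image with get_unaligned_le32() and then used directly in image + addr, and the quoted lines show no check that addr plus sizeof(struct container_descriptor) stays inside the image. The function receives only the image pointer and no length, so a malformed or truncated firmware file could make descriptor point outside the buffer. Suggest passing the image size in, skipping or rejecting any container whose offset is out of range, and having the function return an error code instead of void so the caller can abort the flash; the same error return would also cover the bootloader.size < 4 case that the BUG_ON currently handles.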