aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/files
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/generic/files')
-rw-r--r--target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_uimage.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_uimage.c b/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_uimage.c
index eb4729a765..2bb5e9aff8 100644
--- a/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_uimage.c
+++ b/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_uimage.c
@@ -20,6 +20,12 @@
#include "mtdsplit.h"
+/*
+ * uimage_header itself is only 64B, but it may be prepended with another data.
+ * Currently the biggest size is for Edimax devices: 20B + 64B
+ */
+#define MAX_HEADER_LEN 84
+
#define IH_MAGIC 0x27051956 /* Image Magic Number */
#define IH_NMLEN 32 /* Image Name Length */
@@ -48,15 +54,12 @@ struct uimage_header {
};
static int
-read_uimage_header(struct mtd_info *mtd, size_t offset,
- u_char *buf)
+read_uimage_header(struct mtd_info *mtd, size_t offset, u_char *buf,
+ size_t header_len)
{
- struct uimage_header *header;
- size_t header_len;
size_t retlen;
int ret;
- header_len = sizeof(*header);
ret = mtd_read(mtd, offset, header_len, &retlen, buf);
if (ret) {
pr_debug("read error in \"%s\"\n", mtd->name);
@@ -84,7 +87,6 @@ static int __mtdsplit_parse_uimage(struct mtd_info *master,
{
struct mtd_partition *parts;
u_char *buf;
- struct uimage_header *header;
int nr_parts;
size_t offset;
size_t uimage_offset;
@@ -99,7 +101,7 @@ static int __mtdsplit_parse_uimage(struct mtd_info *master,
if (!parts)
return -ENOMEM;
- buf = vmalloc(sizeof(*header));
+ buf = vmalloc(MAX_HEADER_LEN);
if (!buf) {
ret = -ENOMEM;
goto err_free_parts;
@@ -107,9 +109,11 @@ static int __mtdsplit_parse_uimage(struct mtd_info *master,
/* find uImage on erase block boundaries */
for (offset = 0; offset < master->size; offset += master->erasesize) {
+ struct uimage_header *header;
+
uimage_size = 0;
- ret = read_uimage_header(master, offset, buf);
+ ret = read_uimage_header(master, offset, buf, sizeof(*buf));
if (ret)
continue;