Patchwork [2/2] dediprog: Fix bug where too many transfers would be queued

login
register
about
Submitter Nico Huber
Date 2016-05-04 11:37:11
Message ID <1462361831-30320-2-git-send-email-nico.huber@secunet.com>
Download mbox | patch
Permalink /patch/4442/
State Accepted
Headers show

Comments

Nico Huber - 2016-05-04 11:37:11
We didn't check the total number of queued transfers in the inner most
loop. Up to DEDIPROG_ASYNC_TRANSFERS - 1 invalid transfers could be
queued therefore. So add another check on the total number.

Signed-off-by: Nico Huber <nico.huber@secunet.com>
---
 dediprog.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
David Hendricks - 2016-05-07 21:45:33
Looks good to me.

Acked-by: David Hendricks <david.hendricks@gmail.com>

On Wed, May 4, 2016 at 4:37 AM, Nico Huber <nico.huber@secunet.com> wrote:

> We didn't check the total number of queued transfers in the inner most
> loop. Up to DEDIPROG_ASYNC_TRANSFERS - 1 invalid transfers could be
> queued therefore. So add another check on the total number.
>
> Signed-off-by: Nico Huber <nico.huber@secunet.com>
> ---
>  dediprog.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/dediprog.c b/dediprog.c
> index b7276e5..6f82772 100644
> --- a/dediprog.c
> +++ b/dediprog.c
> @@ -462,7 +462,9 @@ static int dediprog_spi_bulk_read(struct flashctx
> *flash, uint8_t *buf, unsigned
>
>         /* Now transfer requested chunks using libusb's asynchronous
> interface. */
>         while (!status.error && (status.queued_idx < count)) {
> -               while ((status.queued_idx - status.finished_idx) <
> DEDIPROG_ASYNC_TRANSFERS) {
> +               while ((status.queued_idx < count) &&
> +                      (status.queued_idx - status.finished_idx) <
> DEDIPROG_ASYNC_TRANSFERS)
> +               {
>                         transfer = transfers[status.queued_idx %
> DEDIPROG_ASYNC_TRANSFERS];
>                         libusb_fill_bulk_transfer(transfer,
> dediprog_handle, 0x80 | dediprog_in_endpoint,
>                                         (unsigned char *)buf +
> status.queued_idx * chunksize, chunksize,
> --
> 2.7.0
>
>
> _______________________________________________
> flashrom mailing list
> flashrom@flashrom.org
> https://www.flashrom.org/mailman/listinfo/flashrom
>

Patch

diff --git a/dediprog.c b/dediprog.c
index b7276e5..6f82772 100644
--- a/dediprog.c
+++ b/dediprog.c
@@ -462,7 +462,9 @@  static int dediprog_spi_bulk_read(struct flashctx *flash, uint8_t *buf, unsigned
 
 	/* Now transfer requested chunks using libusb's asynchronous interface. */
 	while (!status.error && (status.queued_idx < count)) {
-		while ((status.queued_idx - status.finished_idx) < DEDIPROG_ASYNC_TRANSFERS) {
+		while ((status.queued_idx < count) &&
+		       (status.queued_idx - status.finished_idx) < DEDIPROG_ASYNC_TRANSFERS)
+		{
 			transfer = transfers[status.queued_idx % DEDIPROG_ASYNC_TRANSFERS];
 			libusb_fill_bulk_transfer(transfer, dediprog_handle, 0x80 | dediprog_in_endpoint,
 					(unsigned char *)buf + status.queued_idx * chunksize, chunksize,