On 2014-12-17 23:11, Anton Lundin wrote:
+static dc_status_t +hw_ostc3_firmware_block_write (hw_ostc3_device_t *device, unsigned int addr, unsigned char block[], unsigned int block_size) +{
- unsigned char buffer[3 + SZ_FIRMWARE_BLOCK];
- // We currenty only support writing SZ_FIRMWARE_BLOCK sized blocks.
- if (block_size > SZ_FIRMWARE_BLOCK)
return DC_STATUS_INVALIDARGS;
- array_uint24_be_set(buffer, addr);
- memcpy(buffer + 3, block, block_size);
- return hw_ostc3_transfer (device, NULL, S_BLOCK_WRITE, buffer,
sizeof(buffer), NULL, 0); +}
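Review bot: addr is not range-checked before array_uint24_be_set(buffer, addr) packs it into the three-byte header at the start of buffer, so an addr above 0xFFFFFF cannot be represented there and a firmware block could be written to an address other than the one the caller passed. Return DC_STATUS_INVALIDARGS for such an addr next to the existing block_size check. The block parameter is only read by memcpy, so it can be declared as const unsigned char block[].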
I assume the check was supposed to be '!=' instead of '>'? Right now, if someone happens to call this function with less than SZ_FIRMWARE_BLOCK bytes, we send uninitialized data to the ostc3. If we check, we better do it right.
Jef