On 19 December, 2014 - Jef Driesen wrote:
On 2014-12-17 23:11, Anton Lundin wrote:
+static dc_status_t +hw_ostc3_firmware_block_write (hw_ostc3_device_t *device, unsigned int addr, unsigned char block[], unsigned int block_size) +{
- unsigned char buffer[3 + SZ_FIRMWARE_BLOCK];
- // We currenty only support writing SZ_FIRMWARE_BLOCK sized blocks.
- if (block_size > SZ_FIRMWARE_BLOCK)
return DC_STATUS_INVALIDARGS;
- array_uint24_be_set(buffer, addr);
- memcpy(buffer + 3, block, block_size);
- return hw_ostc3_transfer (device, NULL, S_BLOCK_WRITE, buffer,
sizeof(buffer), NULL, 0); +}
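Review bot: the length passed to hw_ostc3_transfer is sizeof(buffer), but the guard only rejects block_size > SZ_FIRMWARE_BLOCK, so a shorter block leaves the tail of the stack buffer uninitialized and those bytes are still sent to the device. Either reject any block_size != SZ_FIRMWARE_BLOCK, which is what the comment above the check says is supported, or pass 3 + block_size as the transfer length so only the address and the copied bytes go out. Since block is only read by the memcpy, it could also be declared as const unsigned char block[].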
I assume the check was supposed to be '!=' instead of '>'? Right now, if someone happens to call this function with less than SZ_FIRMWARE_BLOCK bytes, we send uninitialized data to the ostc3. If we check, we better do it right.
The right fix here is rather to change the isize parameter to be block_size + 3 instead of sizeof(buffer).
You can write byte-by-byte of memory with this call to the device, or write the whole firmware in one go, but I haven't tested any of them.
//Anton