Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 35ced477 authored by FUKAUMI Naoki's avatar FUKAUMI Naoki Committed by Koushik Dutta
Browse files

mtdutils: fix crash on large erase block 

allocate heap instead of stack for verify[]. otherwise it crashes on large erase block size e.g. 8MiB.

Change-Id: Ifaeb1e381af2b4bbdbeb7337848818299d7f441b
parent c9d07dc2

mtdutils/mtdutils.c

+8 −1
Original line number Diff line number Diff line
@@ -406,6 +406,11 @@ static int write_block(MtdWriteContext *ctx, const char *data) 
    if (pos == (off_t) -1) return 1;



    ssize_t size = partition->erase_size;



    char *verify = malloc(size);

    if (verify == NULL)

        return 1;



    while (pos + size <= (int) partition->size) {

        loff_t bpos = pos;

        int ret = ioctl(fd, MEMGETBADBLOCK, &bpos);
@@ -434,7 +439,6 @@ static int write_block(MtdWriteContext *ctx, const char *data) 
                        pos, strerror(errno));

            }



            char verify[size];

            if (lseek(fd, pos, SEEK_SET) != pos ||

                read(fd, verify, size) != size) {

                fprintf(stderr, "mtd: re-read error at 0x%08lx (%s)\n",
@@ -451,6 +455,7 @@ static int write_block(MtdWriteContext *ctx, const char *data) 
                fprintf(stderr, "mtd: wrote block after %d retries\n", retry);

            }

            fprintf(stderr, "mtd: successfully wrote block at %llx\n", pos);

            free(verify);

            return 0;  // Success!

        }
@@ -461,6 +466,8 @@ static int write_block(MtdWriteContext *ctx, const char *data) 
        pos += partition->erase_size;

    }



    free(verify);



    // Ran out of space on the device

    errno = ENOSPC;

    return -1;