
Commit 930af75

committed
Return error when read address/length is unaligned
1 parent cbcf25f commit 930af75


1 file changed

+28
-15
lines changed


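--- a/firmware/nand_programmer.c
+++ b/firmware/nand_programmer.c
@@ -551,44 +551,57 @@ static int np_nand_read(uint32_t addr, np_page_t *page,
 
 static int _np_cmd_nand_read(np_prog_t *prog)
 {
-uint32_t addr;
+uint32_t addr, len, write_len;
 static np_page_t page;
-uint32_t write_len;
 uint32_t resp_header_size = offsetof(np_resp_t, data);
 uint32_t tx_data_len = sizeof(np_packet_send_buf) - resp_header_size;
 np_read_cmd_t *read_cmd = (np_read_cmd_t *)prog->rx_buf;
 np_resp_t *resp = (np_resp_t *)np_packet_send_buf;
 
-DEBUG_PRINT("Read at 0x%lx %lx bytes command\r\n", read_cmd->addr,
-read_cmd->len);
+addr = read_cmd->addr;
+len = read_cmd->len;
+DEBUG_PRINT("Read at 0x%lx 0x%lx bytes command\r\n", addr, len);
 
-if (read_cmd->addr >= prog->chip_info->size)
+if (addr + len >= prog->chip_info->size)
 {
-ERROR_PRINT("Read address 0x%lx is more then chip size 0x%lx\r\n",
-read_cmd->addr, prog->chip_info->size);
+ERROR_PRINT("Read address 0x%lx+0x%lx is more then chip size 0x%lx\r\n",
+addr, len, prog->chip_info->size);
 return NP_ERR_ADDR_EXCEEDED;
 }
 
-addr = read_cmd->addr;
+if (addr & (prog->chip_info->page_size - 1))
+{
+ERROR_PRINT("Read address 0x%lx is not aligned to page size 0x%lx\r\n",
+addr, prog->chip_info->page_size);
+return NP_ERR_ADDR_NOT_ALIGN;
+}
+
+if (len & (prog->chip_info->page_size - 1))
+{
+ERROR_PRINT("Read length 0x%lx is not aligned to page size 0x%lx\r\n",
+len, prog->chip_info->page_size);
+return NP_ERR_LEN_NOT_ALIGN;
+}
+
 page.page = addr / prog->chip_info->page_size;
-page.offset = addr % prog->chip_info->page_size;
+page.offset = 0;
 
 resp->code = NP_RESP_DATA;
 
-while (read_cmd->len)
+while (len)
 {
 if (np_nand_read(addr, &page, prog->chip_info))
 return NP_ERR_NAND_RD;
 
-while (page.offset < prog->chip_info->page_size && read_cmd->len)
+while (page.offset < prog->chip_info->page_size && len)
 {
 if (prog->chip_info->page_size - page.offset >= tx_data_len)
 write_len = tx_data_len;
 else
 write_len = prog->chip_info->page_size - page.offset;
 
-if (write_len > read_cmd->len)
-write_len = read_cmd->len;
+if (write_len > len)
+write_len = len;
 
 memcpy(resp->data, page.buf + page.offset, write_len);
 
@@ -602,10 +615,10 @@ static int _np_cmd_nand_read(np_prog_t *prog)
 }
 
 page.offset += write_len;
-read_cmd->len -= write_len;
+len -= write_len;
 }
 
-if (read_cmd->len)
+if (len)
 {
 addr += prog->chip_info->page_size;
 if (addr >= prog->chip_info->size)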
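Review bot: The new bounds check `if (addr + len >= prog->chip_info->size)` near the top of _np_cmd_nand_read can be defeated by 32-bit wraparound and is also off by one. Both values are copied unmodified from the command in prog->rx_buf, so a large addr whose sum with len wraps the uint32_t passes the test, and the first np_nand_read() then runs with an out-of-range address before the later `addr >= prog->chip_info->size` check inside the loop is reached; meanwhile a read that ends exactly at the chip end (addr + len == size, such as a full-chip read) is rejected. Comparing without the addition avoids both problems: `if (addr >= prog->chip_info->size || len > prog->chip_info->size - addr)`. The alignment tests `addr & (prog->chip_info->page_size - 1)` presumably rely on page_size being a power of two, which deserves a one-line comment such as `/* page_size must be a power of two for the mask test */`. The function body continues outside both hunks, so the handling after the loop could not be checked here.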
