nvm_select_fresh_sector: fix flag offset

danielinux · danielinux · commit 230174e2f7c9 · 2024-07-16T16:16:46.000+02:00
The offset for the sector flags position to compare the two
redundant blocks with NVM_FLASH_WRITEONCE mode was wrong, resulting
in a negative offset, which in turn caused an out-of-bound access
outside of the UPDATE partition space.
diff --git a/src/libwolfboot.c b/src/libwolfboot.c
@@ -308,8 +308,8 @@ static int RAMFUNCTION nvm_select_fresh_sector(int part)
                 break;
             }
             /* Examine previous position one byte ahead */
-            byte_0 = get_base_offset(base, (1 - off));
-            byte_1 = get_base_offset(base, (1 - (WOLFBOOT_SECTOR_SIZE + off)));
+            byte_0 = get_base_offset(base, (off - 1));
+            byte_1 = get_base_offset(base, ((WOLFBOOT_SECTOR_SIZE + off) - 1));
 
             sel = FLAG_CMP(byte_0, byte_1);
             break;
