[flashrom] [PATCH 2/2] dediprog: Fix bug where too many transfers would be queued

Nico Huber nico.huber at secunet.com
Wed May 4 13:37:11 CEST 2016


We didn't check the total number of queued transfers in the innermost
loop. Up to DEDIPROG_ASYNC_TRANSFERS - 1 invalid transfers could be
queued therefore. So add another check on the total number.

Signed-off-by: Nico Huber <nico.huber at secunet.com>
---
 dediprog.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dediprog.c b/dediprog.c
index b7276e5..6f82772 100644
--- a/dediprog.c
+++ b/dediprog.c
@@ -462,7 +462,9 @@ static int dediprog_spi_bulk_read(struct flashctx *flash, uint8_t *buf, unsigned
 
 	/* Now transfer requested chunks using libusb's asynchronous interface. */
 	while (!status.error && (status.queued_idx < count)) {
-		while ((status.queued_idx - status.finished_idx) < DEDIPROG_ASYNC_TRANSFERS) {
+		while ((status.queued_idx < count) &&
+		       (status.queued_idx - status.finished_idx) < DEDIPROG_ASYNC_TRANSFERS)
+		{
 			transfer = transfers[status.queued_idx % DEDIPROG_ASYNC_TRANSFERS];
 			libusb_fill_bulk_transfer(transfer, dediprog_handle, 0x80 | dediprog_in_endpoint,
 					(unsigned char *)buf + status.queued_idx * chunksize, chunksize,
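
Review bot: The added `status.queued_idx < count` test in the inner `while` deserves a one-line comment, because it is the only thing keeping the destination `buf + status.queued_idx * chunksize` inside the `count` chunks the outer loop asks for. Without a comment it reads as redundant with the outer condition and could be dropped in a later cleanup, at which point transfers would again be filled with a pointer past the last requested chunk. On style, the opening `{` on its own line differs from the enclosing `while (...) {` two lines above; putting the brace at the end of the second condition line would match it.
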
-- 
2.7.0




