From d87a9b8e67105b29e0f54b99e4322c4090a925c4 Mon Sep 17 00:00:00 2001
From: Richard Spiegel <richard.spiegel@amd.corp-partner.google.com>
Date: Tue, 7 Aug 2018 16:41:02 -0700
Subject: drivers/spi/spi_flash.c: Check input parameter

In procedure spi_flash_cmd_erase(), parameter "len" is not validated and
could lead to the return of an invalid (non-initialized) value. Validate
the parameter early on.

BUG=b:112253891
TEST=Build and boot grunt.

Change-Id: I0b5129a15c9e0ea45f4dba4ab0729196cb64699b
Signed-off-by: Richard Spiegel <richard.spiegel@silverbackltd.com>
Reviewed-on: https://review.coreboot.org/27952
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
---
 src/drivers/spi/spi_flash.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/drivers')

diff --git a/src/drivers/spi/spi_flash.c b/src/drivers/spi/spi_flash.c
index 9cb10855fa..f2714791db 100644
--- a/src/drivers/spi/spi_flash.c
+++ b/src/drivers/spi/spi_flash.c
@@ -206,6 +206,10 @@ int spi_flash_cmd_erase(const struct spi_flash *flash, u32 offset, size_t len)
 		printk(BIOS_WARNING, "SF: Erase offset/length not multiple of erase size\n");
 		return -1;
 	}
+	if (len == 0) {
+		printk(BIOS_WARNING, "SF: Erase length cannot be 0\n");
+		return -1;
+	}
 
 	cmd[0] = flash->erase_cmd;
 	start = offset;
-- 
cgit v1.2.3