flash/nor/tcl.c: fix flash bank bounds check in 'flash fill' command handler 16/4516/3
authorBohdan Tymkiv <bhdt@cypress.com>
Thu, 3 May 2018 19:50:58 +0000 (22:50 +0300)
committerTomas Vanek <vanekt@fbl.cz>
Wed, 1 Aug 2018 13:32:26 +0000 (14:32 +0100)
Steps to reproduce ( STM32F103 'Blue Pill', 128KiB of flash ):
> flash fillh 0x0801FFFE 00 1
wrote 2 bytes to 0x0801fffe in 0.019088s (0.102 KiB/s)
> flash fillw 0x0801FFFE 00 1
Error: stm32f1x.cpu -- clearing lockup after double fault
Error: error waiting for target flash write algorithm
Error: error writing to flash at address 0x08000000 at offset 0x0001fffe

Change-Id: I145092ec5e45bc586b3df48bf37c38c9226915c1
Signed-off-by: Bohdan Tymkiv <bhdt@cypress.com>
Reviewed-on: http://openocd.zylin.com/4516
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
src/flash/nor/tcl.c

index b4f375f..95ca819 100644 (file)
@@ -506,7 +506,7 @@ COMMAND_HANDLER(handle_flash_fill_command)
        if (count == 0)
                return ERROR_OK;
 
-       if (address + count >= bank->base + bank->size) {
+       if (address + count * wordsize > bank->base + bank->size) {
                LOG_ERROR("Cannot cross flash bank borders");
                return ERROR_FAIL;
        }