[git commit] nanddump: correct rounding to next page (lead to infinite loop)

Denys Vlasenko vda.linux at googlemail.com
Wed Jun 25 14:37:37 UTC 2014


commit: http://git.busybox.net/busybox/commit/?id=cbf3bfa57a419202c2bc26f3ff8ae21d3d3bf8b2
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master

The rounding to next page formula was wrong:
ex: (len | ~(meminfo->writesize - 1)) + 1;
len=128K
writesize=4K
(len | ~(meminfo->writesize - 1)) + 1 => 4 294 963 201 ?!

correct rounding formula:
((len - 1) | (meminfo->writesize - 1)) + 1 => 128K
len = 130K
((len - 1) | (meminfo->writesize - 1)) + 1 => 132K

modprobe nandsim parts="20,20" badblocks="22,23"

without patch:
nanddump  /dev/mtd1 | wc -c
[...] infinite loop

with the patch:
nanddump /dev/mtd1 | wc -c
327680

Signed-off-by: Richard Genoud <richard.genoud at gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 miscutils/nandwrite.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/miscutils/nandwrite.c b/miscutils/nandwrite.c
index e3f9b56..8c4da80 100644
--- a/miscutils/nandwrite.c
+++ b/miscutils/nandwrite.c
@@ -64,8 +64,8 @@ static void dump_bad(struct mtd_info_user *meminfo, unsigned len, int oob)
 	unsigned char buf[meminfo->writesize];
 	unsigned count;
 
-	/* round len to the next page */
-	len = (len | ~(meminfo->writesize - 1)) + 1;
+	/* round len to the next page only if len is not already on a page */
+	len = ((len - 1) | (meminfo->writesize - 1)) + 1;
 
 	memset(buf, 0xff, sizeof(buf));
 	for (count = 0; count < len; count += meminfo->writesize) {


More information about the busybox-cvs mailing list