From ed80c931ba7781e6605b9bdaa2a0d58ef365fe71 Mon Sep 17 00:00:00 2001 From: Taylor Hutt Date: Thu, 22 Nov 2012 09:13:00 +0000 Subject: [PATCH] mmc: Fix incorrect handling of 'read' & 'write' commands If a malformed 'read' or 'write' command is issued, the Sandbox U-Boot can crash because the command-handling code does no error checking on the number of provided arguments. This change makes the mmc 'erase', 'read' and 'write' commands only function if the proper number of arguments are supplied. Also puts the else assignment at the beginning fo the if() statement to shortens the generated code. This removes an unnecessary jump from the generated code. Signed-off-by: Taylor Hutt Signed-off-by: Simon Glass Signed-off-by: Andy Fleming --- common/cmd_mmc.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/common/cmd_mmc.c b/common/cmd_mmc.c index 4c19df727a..7dacd5114c 100644 --- a/common/cmd_mmc.c +++ b/common/cmd_mmc.c @@ -250,14 +250,13 @@ static int do_mmcops(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return 0; } - if (strcmp(argv[1], "read") == 0) + state = MMC_INVALID; + if (argc == 5 && strcmp(argv[1], "read") == 0) state = MMC_READ; - else if (strcmp(argv[1], "write") == 0) + else if (argc == 5 && strcmp(argv[1], "write") == 0) state = MMC_WRITE; - else if (strcmp(argv[1], "erase") == 0) + else if (argc == 4 && strcmp(argv[1], "erase") == 0) state = MMC_ERASE; - else - state = MMC_INVALID; if (state != MMC_INVALID) { struct mmc *mmc = find_mmc_device(curr_device);