From 52177592f9d3afc6a008f8e1b321cf74e823018f Mon Sep 17 00:00:00 2001
From: Evgeniy Naydanov <109669442+en-sc@users.noreply.github.com>
Date: Mon, 1 Aug 2022 18:46:36 +0300
Subject: [PATCH] Fix overflow issue in write_memory_progbuf (#714)

If range's upper bound was equal to 2^64 or the range was wrapping around 0
(which is perfectly legal), writes were not performed due to riscv_addr_t
overflow.
---
 src/target/riscv/riscv-013.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/target/riscv/riscv-013.c b/src/target/riscv/riscv-013.c
index fec994d28..32b9cf7ff 100644
--- a/src/target/riscv/riscv-013.c
+++ b/src/target/riscv/riscv-013.c
@@ -3834,10 +3834,10 @@ static int write_memory_progbuf(struct target *target, target_addr_t address,
 	riscv_program_write(&program);
 
 	riscv_addr_t cur_addr = address;
-	riscv_addr_t fin_addr = address + (count * size);
+	riscv_addr_t distance = (riscv_addr_t)count * size;
 	bool setup_needed = true;
-	LOG_DEBUG("writing until final address 0x%016" PRIx64, fin_addr);
-	while (cur_addr < fin_addr) {
+	LOG_DEBUG("writing until final address 0x%016" PRIx64, cur_addr + distance);
+	while (cur_addr - address < distance) {
 		LOG_DEBUG("transferring burst starting at address 0x%016" PRIx64,
 				cur_addr);
 
@@ -3849,14 +3849,12 @@ static int write_memory_progbuf(struct target *target, target_addr_t address,
 			goto error;
 
 		/* To write another word, we put it in S1 and execute the program. */
-		unsigned start = (cur_addr - address) / size;
-		for (unsigned i = start; i < count; ++i) {
-			unsigned offset = size*i;
+		for (riscv_addr_t offset = cur_addr - address; offset < distance; offset += size) {
 			const uint8_t *t_buffer = buffer + offset;
 
 			uint64_t value = buf_get_u64(t_buffer, 0, 8 * size);
 
-			log_memory_access(address + offset, value, size, false);
+			log_memory_access(cur_addr, value, size, false);
 			cur_addr += size;
 
 			if (setup_needed) {