From 8c21659d2a81912c2d591d3889893040d1aa9028 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=98yvind=20Harboe?= Date: Fri, 10 Sep 2010 10:22:14 +0200 Subject: [PATCH] cfi: random crash in cfi_probe() fixed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit for non_cfi cfi chips free() was invoked on rodata. The mystery is why this bug has survived for so long. Signed-off-by: Øyvind Harboe --- src/flash/nor/non_cfi.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/flash/nor/non_cfi.c b/src/flash/nor/non_cfi.c index e0ea568ae..569ffc5f8 100644 --- a/src/flash/nor/non_cfi.c +++ b/src/flash/nor/non_cfi.c @@ -486,7 +486,11 @@ void cfi_fixup_non_cfi(struct flash_bank *bank) cfi_info->max_buf_write_size = non_cfi->max_buf_write_size; cfi_info->status_poll_mask = non_cfi->status_poll_mask; cfi_info->num_erase_regions = non_cfi->num_erase_regions; - cfi_info->erase_region_info = non_cfi->erase_region_info; + size_t erase_region_info_size = sizeof(*cfi_info->erase_region_info) * + cfi_info->num_erase_regions; + cfi_info->erase_region_info = malloc(erase_region_info_size); + memcpy(cfi_info->erase_region_info, + non_cfi->erase_region_info, erase_region_info_size); cfi_info->dev_size = non_cfi->dev_size; if (cfi_info->pri_id == 0x2)