cros_ec: Fix issue with cros_ec_flash_write command
authorMoritz Fischer <moritz.fischer@ettus.com>
Mon, 12 Sep 2016 19:57:52 +0000 (12:57 -0700)
committersjg <sjg@chromium.org>
Sun, 9 Oct 2016 15:30:32 +0000 (09:30 -0600)
This commit fixes an issue where data is written to an
invalid memory location.
The issue was introduced in commit
88364387 ("cros: add cros_ec_driver").

Cc: Simon Glass <sjg@chromium.org>
Cc: u-boot@lists.denx.de
Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
drivers/misc/cros_ec.c

index 05f1f600bd6f28ce2aefd93c26b2b0fb06373912..1e5bcb0c568e1ea64965535ab782856bb9821ba3 100644 (file)
@@ -750,15 +750,24 @@ int cros_ec_flash_erase(struct cros_ec_dev *dev, uint32_t offset, uint32_t size)
 static int cros_ec_flash_write_block(struct cros_ec_dev *dev,
                const uint8_t *data, uint32_t offset, uint32_t size)
 {
-       struct ec_params_flash_write p;
+       struct ec_params_flash_write *p;
+       int ret;
 
-       p.offset = offset;
-       p.size = size;
-       assert(data && p.size <= EC_FLASH_WRITE_VER0_SIZE);
-       memcpy(&p + 1, data, p.size);
+       p = malloc(sizeof(*p) + size);
+       if (!p)
+               return -ENOMEM;
+
+       p->offset = offset;
+       p->size = size;
+       assert(data && p->size <= EC_FLASH_WRITE_VER0_SIZE);
+       memcpy(p + 1, data, p->size);
 
-       return ec_command_inptr(dev, EC_CMD_FLASH_WRITE, 0,
-                         &p, sizeof(p), NULL, 0) >= 0 ? 0 : -1;
+       ret = ec_command_inptr(dev, EC_CMD_FLASH_WRITE, 0,
+                         p, sizeof(*p) + size, NULL, 0) >= 0 ? 0 : -1;
+
+       free(p);
+
+       return ret;
 }
 
 /**
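Review bot: In cros_ec_flash_write_block the length bound is still enforced only by `assert(data && p->size <= EC_FLASH_WRITE_VER0_SIZE)`, which now runs after `malloc(sizeof(*p) + size)` and just before the `memcpy` of `size` bytes. If assert is compiled out in a given build (not visible from this hunk), a NULL `data` or an oversized `size` reaches the allocation, the copy and the EC command unchecked. Where size_t is 32 bits, `sizeof(*p) + size` can also wrap for a very large `size`, leaving the buffer shorter than the copy. A run-time guard before the allocation covers both cases: `if (!data || size > EC_FLASH_WRITE_VER0_SIZE) return -EINVAL;`. Callers may already clamp `size`, but that is outside the hunk, and the function now returns a mix of `-ENOMEM` and a bare `-1`, which is worth documenting in a comment above it.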