From 72aea10e6f77b8ad50acbe7faa6777033e69f132 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Tue, 15 Oct 2024 07:29:20 +0200 Subject: [PATCH] storage/stream_flash: Fix range check in stream_flash_erase_page Added check where stream_flash_erase_page checks if requested offset is actually within stream flash designated area. Fixes #79800 Signed-off-by: Dominik Ermel (cherry picked from commit 8714c172edd1947a6348ac0f669d89668f5896c3) --- include/zephyr/storage/stream_flash.h | 3 ++- subsys/storage/stream/stream_flash.c | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/include/zephyr/storage/stream_flash.h b/include/zephyr/storage/stream_flash.h index 282e51af9b3b..92f25c907e28 100644 --- a/include/zephyr/storage/stream_flash.h +++ b/include/zephyr/storage/stream_flash.h @@ -141,7 +141,8 @@ int stream_flash_erase_page(struct stream_flash_ctx *ctx, off_t off); * @param settings_key key to use with the settings module for loading * the stream write progress * - * @return non-negative on success, negative errno code on fail + * @return non-negative on success, -ERANGE in case when @p off is out + * of area designated for stream or negative errno code on fail */ int stream_flash_progress_load(struct stream_flash_ctx *ctx, const char *settings_key); diff --git a/subsys/storage/stream/stream_flash.c b/subsys/storage/stream/stream_flash.c index 282b58f1eb90..f49356190649 100644 --- a/subsys/storage/stream/stream_flash.c +++ b/subsys/storage/stream/stream_flash.c @@ -79,6 +79,11 @@ int stream_flash_erase_page(struct stream_flash_ctx *ctx, off_t off) int rc; struct flash_pages_info page; + if (off < ctx->offset || (off - ctx->offset) >= ctx->available) { + LOG_ERR("Offset out of designated range"); + return -ERANGE; + } + rc = flash_get_page_info_by_offs(ctx->fdev, off, &page); if (rc != 0) { LOG_ERR("Error %d while getting page info", rc);