cmd_jffs2: Fix get_part_sector_size_nor() overflow bug

When a flash partition was positioned at the very top of a 32-bit memory
map (eg located at 0xf8000000 with a size of 0x8000000)
get_part_sector_size_nor() would incorrectly calculate the partition's
ending address to 0x0 due to overflow.  When the overflow occurred
get_part_sector_size_nor() would falsely return a sector size of 0.
A sector size of 0 results in subsequent jffs2 operations failing.

To workaround the overflow subtract 1 from calculated address of
the partition endpoint.

Signed-off-by: Peter Tyser <ptyser@xes-inc.com>

diff --git a/common/cmd_jffs2.c b/common/cmd_jffs2.c
index 0e7a6b0..27296dd 100644 (file)
--- a/common/cmd_jffs2.c
+++ b/common/cmd_jffs2.c
@@ -281,7 +281,7 @@ static inline u32 get_part_sector_size_nor(struct mtdids *id, struct part_info *
        flash = &flash_info[id->num];
 
        start_phys = flash->start[0] + part->offset;
-       end_phys = start_phys + part->size;
+       end_phys = start_phys + part->size - 1;
 
        for (i = 0; i < flash->sector_count; i++) {
                if (flash->start[i] >= end_phys)