dfu: dfu_get_buf: check the value of env dfu_bufsiz before use

In function dfu_get_buf(), the size of allocated buffer could
be defined by the env variable. The size from this variable
was passed for memalign() without checking its value.
And the the memalign will return non null pointer for size 0.

This could possibly cause data abort, so now the value of var
is checked before use. And if this variable is set to 0 then
the default size will be used.

This commit also changes the base passed to simple_strtoul()
to 0. Now decimal and hex values can be used for the variable
dfu_bufsiz.

Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[TestHW: Exynos4412-Trats2]

diff --git a/drivers/dfu/dfu.c b/drivers/dfu/dfu.c
index 10cb395cf9634fb9a393d0277f908adf20baa253..7d1a0b81c647507e52a96230399031d2f109a0aa 100644 (file)
--- a/drivers/dfu/dfu.c
+++ b/drivers/dfu/dfu.c
@@ -107,8 +107,12 @@ unsigned char *dfu_get_buf(struct dfu_entity *dfu)
                return dfu_buf;
 
        s = getenv("dfu_bufsiz");
-       dfu_buf_size = s ? (unsigned long)simple_strtol(s, NULL, 16) :
-                       CONFIG_SYS_DFU_DATA_BUF_SIZE;
+       if (s)
+               dfu_buf_size = (unsigned long)simple_strtol(s, NULL, 0);
+
+       if (!s || !dfu_buf_size)
+               dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
+
        if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size)
                dfu_buf_size = dfu->max_buf_size;