pfw = fw_entry->data;
size = fw_entry->size;
+ if (size < 4)
+ goto err_fw_corrupted;
crc = FW_GET_LONG(pfw);
pfw += 4;
size -= 4;
- if (crc32_be(0, pfw, size) != crc) {
- uea_err(usb, "firmware is corrupted\n");
- goto err;
- }
+ if (crc32_be(0, pfw, size) != crc)
+ goto err_fw_corrupted;
/*
* Start to upload formware : send reset
goto err;
}
- while (size > 0) {
+ while (size > 3) {
u8 len = FW_GET_BYTE(pfw);
u16 add = FW_GET_WORD(pfw + 1);
+
+ size -= len + 3;
+ if (size < 0)
+ goto err_fw_corrupted;
+
ret = uea_send_modem_cmd(usb, add, len, pfw + 3);
if (ret < 0) {
uea_err(usb, "uploading firmware data failed "
goto err;
}
pfw += len + 3;
- size -= len + 3;
}
+ if (size != 0)
+ goto err_fw_corrupted;
+
/*
* Tell the modem we finish : de-assert reset
*/
else
uea_info(usb, "firmware uploaded\n");
+ uea_leaves(usb);
+ return;
+
+err_fw_corrupted:
+ uea_err(usb, "firmware is corrupted\n");
err:
uea_leaves(usb);
}
u32 pageoffset;
unsigned int i, j, p, pp;
- /* enough space for pagecount? */
- if (len < 1)
- return 1;
-
pagecount = FW_GET_BYTE(dsp);
p = 1;
git.openpandora.org / pandora-kernel.git / commitdiff