From ae0bdf09ca9737d5db9453966cf4705bdd420d31 Mon Sep 17 00:00:00 2001 From: Ley Foon Tan Date: Tue, 25 Aug 2020 10:26:36 +0800 Subject: net: tftp: Fix store_block offset calculation tftp_cur_block start with 1 for first block, but tftp_cur_block counter is start with zero when block number is rollover. The existing code "tftp_cur_block - 1" will cause the block number become -1 in store_block() when tftp_cur_block is 0 when tftp_cur_block is rollover. The fix pass in tftp_cur_block to store_block() and minus the tftp_block_size when do the offset calculation. Signed-off-by: Ley Foon Tan Reviewed-By: Ramon Fried --- net/tftp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/tftp.c b/net/tftp.c index 380094d493..1c003871c1 100644 --- a/net/tftp.c +++ b/net/tftp.c @@ -159,7 +159,8 @@ static unsigned short tftp_window_size_option = TFTP_WINDOWSIZE; static inline int store_block(int block, uchar *src, unsigned int len) { - ulong offset = block * tftp_block_size + tftp_block_wrap_offset; + ulong offset = block * tftp_block_size + tftp_block_wrap_offset - + tftp_block_size; ulong newsize = offset + len; ulong store_addr = tftp_load_addr + offset; #ifdef CONFIG_SYS_DIRECT_FLASH_TFTP @@ -652,7 +653,7 @@ static void tftp_handler(uchar *pkt, unsigned dest, struct in_addr sip, timeout_count_max = tftp_timeout_count_max; net_set_timeout_handler(timeout_ms, tftp_timeout_handler); - if (store_block(tftp_cur_block - 1, pkt + 2, len)) { + if (store_block(tftp_cur_block, pkt + 2, len)) { eth_halt(); net_set_state(NETLOOP_FAIL); break; -- cgit v1.2.1