On Wednesday, December 16, 2015 at 03:58:48 AM, Stephen Warren wrote:
> On 12/12/2015 09:17 PM, Stefan Brüns wrote:
> > flush_dcache_range may access data after priv->aligned_buffer end if
> > len > DWC2_DATA_BUF_SIZE.
> > memcpy may access data after buffer end if done > 0
> 
> Acked-by: Stephen Warren <[email protected]>
> 
> Uggh; icky bug:-(
> 
> > @@ -823,12 +823,13 @@ int chunk_msg(struct dwc2_priv *priv, struct
> > usb_device *dev,
> > 
> >                    (*pid << DWC2_HCTSIZ_PID_OFFSET),
> >                    &hc_regs->hctsiz);
> > 
> > -           if (!in) {
> > -                   memcpy(priv->aligned_buffer, (char *)buffer + done, 
len);
> > +           if (!in && xfer_len) {
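
Review bot: The new xfer_len test in "if (!in && xfer_len) {" is not motivated by the commit message, which only describes reads past the end of priv->aligned_buffer when len > DWC2_DATA_BUF_SIZE and past the end of the caller's buffer when done > 0. If skipping the copy and cache flush for a zero-length transfer is intentional, state the reason in the commit message or in a short comment above the condition. Otherwise the condition could stay "if (!in)", with the fix limited to the length passed to memcpy and flush_dcache_range.
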
> 
> Do zero-length memcpy or flush_dcache_range actually cause an issue?

I believe they should not, based on how they are implemented.

Best regards,
Marek Vasut