On Tue, Aug 25, 2020 at 5:27 AM Ley Foon Tan <ley.foon....@intel.com> wrote:
>
> tftp_cur_block start with 1 for first block, but tftp_cur_block counter is
> start with zero when block number is rollover. The existing code
> "tftp_cur_block - 1" will cause the block number become -1 in store_block()
> when tftp_cur_block is 0 when tftp_cur_block is rollover.
>
> The fix pass in tftp_cur_block to store_block() and minus the
> tftp_block_size when do the offset calculation.
>
> Signed-off-by: Ley Foon Tan <ley.foon....@intel.com>
> ---
>  net/tftp.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/net/tftp.c b/net/tftp.c
> index 9ca7db256112..6e68a427d4cf 100644
> --- a/net/tftp.c
> +++ b/net/tftp.c
> @@ -143,7 +143,8 @@ static unsigned short tftp_block_size_option = 
> CONFIG_TFTP_BLOCKSIZE;
>
>  static inline int store_block(int block, uchar *src, unsigned int len)
>  {
> -       ulong offset = block * tftp_block_size + tftp_block_wrap_offset;
> +       ulong offset = block * tftp_block_size + tftp_block_wrap_offset -
> +                       tftp_block_size;
>         ulong newsize = offset + len;
>         ulong store_addr = tftp_load_addr + offset;
>  #ifdef CONFIG_SYS_DIRECT_FLASH_TFTP
> @@ -597,7 +598,7 @@ static void tftp_handler(uchar *pkt, unsigned dest, 
> struct in_addr sip,
>                 timeout_count_max = tftp_timeout_count_max;
>                 net_set_timeout_handler(timeout_ms, tftp_timeout_handler);
>
> -               if (store_block(tftp_cur_block - 1, pkt + 2, len)) {
> +               if (store_block(tftp_cur_block, pkt + 2, len)) {
>                         eth_halt();
>                         net_set_state(NETLOOP_FAIL);
>                         break;
> --
> 2.19.0
>
Reviewed-By: Ramon Fried <rfried....@gmail.com>

Reply via email to