From 9a91980562fcaadd748404af05d2a23361632378 Mon Sep 17 00:00:00 2001 From: Barabas Date: Tue, 10 Dec 2024 14:37:45 +0000 Subject: [PATCH] Fix off by one error in SPI bootloader s4 contains the number of bytes copied so far, and s0 contains the number of bytes to copy. When these are equal, we have copied everything and we shouldn't run one more iteration. If we run the extra iteration and the flash image is being loaded so it lines up with the end of system memory, this causes a write past the end of system memory. --- sw/spi_uimage_loader.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sw/spi_uimage_loader.S b/sw/spi_uimage_loader.S index d323944..1d58cc6 100644 --- a/sw/spi_uimage_loader.S +++ b/sw/spi_uimage_loader.S @@ -146,7 +146,7 @@ copy_to_ram: addi s4, s4, 4 /* Check if file is completely copied */ - bge s0, s4, copy_to_ram + bgt s0, s4, copy_to_ram /* Jump to entry point */ goto_reset: