From 40006813c3e053e4cf952bfdd32866ce9496b0f8 Mon Sep 17 00:00:00 2001 From: Andrew Leech Date: Tue, 30 Jun 2020 16:33:32 +1000 Subject: [PATCH] stm32/flash: Update flash_get_sector_info to return -1 on invalid addr. So the caller can tell when an invalid address is used and can take appropriate action. --- ports/stm32/flash.c | 4 ++-- ports/stm32/flash.h | 2 +- ports/stm32/flashbdev.c | 4 ++-- ports/stm32/mboot/main.c | 23 +++++++++++++---------- 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/ports/stm32/flash.c b/ports/stm32/flash.c index 5f96696a9..499129a6f 100644 --- a/ports/stm32/flash.c +++ b/ports/stm32/flash.c @@ -151,7 +151,7 @@ bool flash_is_valid_addr(uint32_t addr) { return flash_layout[0].base_address <= addr && addr < end_of_flash; } -uint32_t flash_get_sector_info(uint32_t addr, uint32_t *start_addr, uint32_t *size) { +int32_t flash_get_sector_info(uint32_t addr, uint32_t *start_addr, uint32_t *size) { if (addr >= flash_layout[0].base_address) { uint32_t sector_index = 0; for (int i = 0; i < MP_ARRAY_SIZE(flash_layout); ++i) { @@ -172,7 +172,7 @@ uint32_t flash_get_sector_info(uint32_t addr, uint32_t *start_addr, uint32_t *si } } } - return 0; + return -1; } int flash_erase(uint32_t flash_dest, uint32_t num_word32) { diff --git a/ports/stm32/flash.h b/ports/stm32/flash.h index 12cdaca55..ecda923db 100644 --- a/ports/stm32/flash.h +++ b/ports/stm32/flash.h @@ -27,7 +27,7 @@ #define MICROPY_INCLUDED_STM32_FLASH_H bool flash_is_valid_addr(uint32_t addr); -uint32_t flash_get_sector_info(uint32_t addr, uint32_t *start_addr, uint32_t *size); +int32_t flash_get_sector_info(uint32_t addr, uint32_t *start_addr, uint32_t *size); int flash_erase(uint32_t flash_dest, uint32_t num_word32); int flash_write(uint32_t flash_dest, const uint32_t *src, uint32_t num_word32); diff --git a/ports/stm32/flashbdev.c b/ports/stm32/flashbdev.c index e105bd353..4153a713c 100644 --- a/ports/stm32/flashbdev.c +++ b/ports/stm32/flashbdev.c 
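Review bot: The prototype in `flash.h` changes its return type but carries no comment stating the new contract, which every caller now depends on. Suggest adding above the declaration `// Returns the index of the sector containing addr, or -1 if addr is not in flash.` followed by `// start_addr and size may be NULL; they are not meaningful when -1 is returned.` The second line is inferred from the `return -1` sitting after the lookup block in `flash.c` and from `mboot_flash_write` passing `NULL, NULL`, so confirm it against the full function body, most of which is outside the hunks.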
@@ -181,7 +181,7 @@ int32_t flash_bdev_ioctl(uint32_t op, uint32_t arg) { static uint8_t *flash_cache_get_addr_for_write(uint32_t flash_addr) { uint32_t flash_sector_start; uint32_t flash_sector_size; - uint32_t flash_sector_id = flash_get_sector_info(flash_addr, &flash_sector_start, &flash_sector_size); + int32_t flash_sector_id = flash_get_sector_info(flash_addr, &flash_sector_start, &flash_sector_size); if (flash_sector_size > FLASH_SECTOR_SIZE_MAX) { flash_sector_size = FLASH_SECTOR_SIZE_MAX; } @@ -201,7 +201,7 @@ static uint8_t *flash_cache_get_addr_for_write(uint32_t flash_addr) { static uint8_t *flash_cache_get_addr_for_read(uint32_t flash_addr) { uint32_t flash_sector_start; uint32_t flash_sector_size; - uint32_t flash_sector_id = flash_get_sector_info(flash_addr, &flash_sector_start, &flash_sector_size); + int32_t flash_sector_id = flash_get_sector_info(flash_addr, &flash_sector_start, &flash_sector_size); if (flash_cache_sector_id == flash_sector_id) { // in cache, copy from there return (uint8_t *)CACHE_MEM_START_ADDR + flash_addr - flash_sector_start; diff --git a/ports/stm32/mboot/main.c b/ports/stm32/mboot/main.c index d45278741..8cc14c2ac 100644 --- a/ports/stm32/mboot/main.c +++ b/ports/stm32/mboot/main.c 
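Review bot: In `flash_cache_get_addr_for_write` the result is now signed but never tested for -1, so an address outside flash still reaches `if (flash_sector_size > FLASH_SECTOR_SIZE_MAX)` with `flash_sector_start` and `flash_sector_size` as uninitialised locals (assuming `flash_get_sector_info` writes them only on success, as the visible part of `flash.c` suggests). The same gap is in the `flash_cache_get_addr_for_read` hunk, where `flash_cache_sector_id == flash_sector_id` could even match if the cache's "nothing cached" value is -1 or all-ones; its declaration is not in the hunk. A guard such as `if (flash_sector_id < 0) { return NULL; }` right after the call in both functions would stop pointer arithmetic on indeterminate values, provided the callers (outside these hunks) check for NULL. Both function bodies continue past the hunks.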
@@ -476,25 +476,27 @@ static int mboot_flash_mass_erase(void) { static int mboot_flash_page_erase(uint32_t addr, uint32_t *next_addr) { uint32_t sector_size = 0; - uint32_t sector = flash_get_sector_info(addr, NULL, §or_size); - if (sector == 0) { - // Don't allow to erase the sector with this bootloader in it + uint32_t sector_start = 0; + int32_t sector = flash_get_sector_info(addr, §or_start, §or_size); + if (sector <= 0) { + // Don't allow to erase the sector with this bootloader in it, or invalid sectors dfu_context.status = DFU_STATUS_ERROR_ADDRESS; - dfu_context.error = MBOOT_ERROR_STR_OVERWRITE_BOOTLOADER_IDX; + dfu_context.error = (sector == 0) ? MBOOT_ERROR_STR_OVERWRITE_BOOTLOADER_IDX + : MBOOT_ERROR_STR_INVALID_ADDRESS_IDX; return -1; } - *next_addr = addr + sector_size; + *next_addr = sector_start + sector_size; // Erase the flash page. - int ret = flash_erase(addr, sector_size / sizeof(uint32_t)); + int ret = flash_erase(sector_start, sector_size / sizeof(uint32_t)); if (ret != 0) { return ret; } // Check the erase set bits to 1, at least for the first 256 bytes for (int i = 0; i < 64; ++i) { - if (((volatile uint32_t*)addr)[i] != 0xffffffff) { + if (((volatile uint32_t*)sector_start)[i] != 0xffffffff) { return -2; } } @@ -503,11 +505,12 @@ static int mboot_flash_page_erase(uint32_t addr, uint32_t *next_addr) { } static int mboot_flash_write(uint32_t addr, const uint8_t *src8, size_t len) { - uint32_t sector = flash_get_sector_info(addr, NULL, NULL); - if (sector == 0) { + int32_t sector = flash_get_sector_info(addr, NULL, NULL); + if (sector <= 0) { // Don't allow to write the sector with this bootloader in it dfu_context.status = DFU_STATUS_ERROR_ADDRESS; - dfu_context.error = MBOOT_ERROR_STR_OVERWRITE_BOOTLOADER_IDX; + dfu_context.error = (sector == 0) ? MBOOT_ERROR_STR_OVERWRITE_BOOTLOADER_IDX + : MBOOT_ERROR_STR_INVALID_ADDRESS_IDX; return -1; }
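Review bot: The guard `if (sector <= 0)` in `mboot_flash_page_erase` protects the bootloader by sector index only, so it is sound only if the bootloader image fits entirely inside flash sector 0, which nothing in the hunk establishes. If the image can extend into a later sector on some board layout, an erase request for that sector passes this check; comparing `sector_start` against the start of the application region would cover that case, and `mboot_flash_write` in the next hunk relies on the same index test. At minimum a comment such as `// Assumes mboot occupies only sector 0 of flash_layout` would record the assumption. The `§or_start` and `§or_size` arguments on this page appear to be `&sector_start` and `&sector_size` damaged in rendering.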
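Review bot: The comment inside `if (sector <= 0)` in `mboot_flash_write` still describes only the bootloader case although the branch now also rejects invalid addresses; it should read `// Don't allow to write the sector with this bootloader in it, or invalid sectors`, matching the erase function. Separately, only the first byte `addr` is validated here, and the visible lines do not check that `addr + len` stays inside flash. The rest of the function is outside the hunk, so this may be handled further down; if not, for `len > 0` a second `flash_get_sector_info(addr + len - 1, NULL, NULL)` check on the last byte would close it.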