rendered paste bodyIndex: ata.c
===================================================================
--- ata.c (revision 16556)
+++ ata.c (working copy)
@@ -81,6 +81,7 @@
#ifdef HAVE_LBA48
static bool lba48 = false; /* set for 48 bit addressing */
#endif
+unsigned long sector_count = 0;
static long ata_stack[(DEFAULT_STACK_SIZE*3)/sizeof(long)];
static const char ata_thread_name[] = "ata";
static struct event_queue ata_queue;
@@ -277,6 +278,9 @@
void* buf;
long spinup_start;
+ if((start + incount) > sector_count)
+ return -6;
+
#ifndef MAX_PHYS_SECTOR_SIZE
#ifdef HAVE_MULTIVOLUME
(void)drive; /* unused for now */
@@ -482,6 +486,9 @@
int ret = 0;
long spinup_start;
+ if((start + count) > sector_count)
+ panicf("Writing past end of disk\n");
+
#ifndef MAX_PHYS_SECTOR_SIZE
#ifdef HAVE_MULTIVOLUME
(void)drive; /* unused for now */
@@ -621,6 +628,9 @@
int rc = 0;
int offset;
+ if((start + incount) > sector_count)
+ return -6;
+
#ifdef HAVE_MULTIVOLUME
(void)drive; /* unused for now */
#endif
@@ -687,6 +697,9 @@
int rc = 0;
int offset;
+ if((start + count) > sector_count)
+ panicf("Writing past end of disk\n");
+
#ifdef HAVE_MULTIVOLUME
(void)drive; /* unused for now */
#endif
@@ -1246,8 +1259,17 @@
&& identify_info[61] == 0x0FFF) /* (needs BigLBA addressing) */
{
lba48 = true; /* use BigLBA */
- }
+ sector_count = (unsigned long) identify_info[103] << 48 |
+ (unsigned long) identify_info[102] << 32 |
+ (unsigned long) identify_info[101] << 16 |
+ (unsigned long) identify_info[100];
+ }
+ else
#endif
+ sector_count = (unsigned long) identify_info[61] << 16 |
+ (unsigned long) identify_info[60] ;
+
+
rc = freeze_lock();
if (rc)