Skip to content

Commit bc2b4ff

Browse files
urishurish
committed
fix(rp2040): crashes when reading from invalid flash address
1 parent fa0dc6c commit bc2b4ff

File tree

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

src/rp2040.ts

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@ import { ConsoleLogger, Logger, LogLevel } from './utils/logging';
2727
import { RPTBMAN } from './peripherals/tbman';
2828

2929
export const FLASH_START_ADDRESS = 0x10000000;
30-
export const FLASH_END_ADDRESS = 0x14000000;
3130
export const RAM_START_ADDRESS = 0x20000000;
3231
export const DPRAM_START_ADDRESS = 0x50100000;
3332
export const SIO_START_ADDRESS = 0xd0000000;
@@ -188,7 +187,10 @@ export class RP2040 {
188187
const { bootrom } = this;
189188
if (address < bootrom.length * 4) {
190189
return bootrom[address / 4];
191-
} else if (address >= FLASH_START_ADDRESS && address < FLASH_END_ADDRESS) {
190+
} else if (
191+
address >= FLASH_START_ADDRESS &&
192+
address < FLASH_START_ADDRESS + this.flash.length
193+
) {
192194
return this.flashView.getUint32(address - FLASH_START_ADDRESS, true);
193195
} else if (address >= RAM_START_ADDRESS && address < RAM_START_ADDRESS + this.sram.length) {
194196
return this.sramView.getUint32(address - RAM_START_ADDRESS, true);
@@ -218,7 +220,7 @@ export class RP2040 {
218220

219221
/** We assume the address is 16-bit aligned */
220222
readUint16(address: number) {
221-
if (address >= FLASH_START_ADDRESS && address < FLASH_END_ADDRESS) {
223+
if (address >= FLASH_START_ADDRESS && address < FLASH_START_ADDRESS + this.flash.length) {
222224
return this.flashView.getUint16(address - FLASH_START_ADDRESS, true);
223225
} else if (address >= RAM_START_ADDRESS && address < RAM_START_ADDRESS + this.sram.length) {
224226
return this.sramView.getUint16(address - RAM_START_ADDRESS, true);
@@ -229,7 +231,7 @@ export class RP2040 {
229231
}
230232

231233
readUint8(address: number) {
232-
if (address >= FLASH_START_ADDRESS && address < FLASH_END_ADDRESS) {
234+
if (address >= FLASH_START_ADDRESS && address < FLASH_START_ADDRESS + this.flash.length) {
233235
return this.flash[address - FLASH_START_ADDRESS];
234236
} else if (address >= RAM_START_ADDRESS && address < RAM_START_ADDRESS + this.sram.length) {
235237
return this.sram[address - RAM_START_ADDRESS];
@@ -249,7 +251,10 @@ export class RP2040 {
249251
peripheral.writeUint32Atomic(offset, value, atomicType);
250252
} else if (address < bootrom.length * 4) {
251253
bootrom[address / 4] = value;
252-
} else if (address >= FLASH_START_ADDRESS && address < FLASH_END_ADDRESS) {
254+
} else if (
255+
address >= FLASH_START_ADDRESS &&
256+
address < FLASH_START_ADDRESS + this.flash.length
257+
) {
253258
this.flashView.setUint32(address - FLASH_START_ADDRESS, value, true);
254259
} else if (address >= RAM_START_ADDRESS && address < RAM_START_ADDRESS + this.sram.length) {
255260
this.sramView.setUint32(address - RAM_START_ADDRESS, value, true);

0 commit comments

Comments
 (0)