From a7b30deb5bf4c35c62d203b00dd10c62967380e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=2E=20Neusch=C3=A4fer?=
Date: Sun, 18 Feb 2024 15:19:39 +0100
Subject: [PATCH] Fix overflow of write_buffer

This buffer overflow has been there since the beginning, but it hadn't been noticed, because flashrom usually uses page-sized writes at most (256 + 4/5 bytes).
---
 main.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/main.c b/main.c
index f6b907c..bdcb75b 100644
--- a/main.c
+++ b/main.c
@@ -130,13 +130,17 @@ void process(const pio_spi_inst_t *spi, int command) {
 uint32_t wlen = getu24();
 uint32_t rlen = getu24();
+ uint32_t chunk;
 cs_select(PIN_CS);
- fread(write_buffer, 1, wlen, stdin);
- pio_spi_write8_blocking(spi, write_buffer, wlen);
+
+ for(uint32_t i = 0; i < wlen; i += chunk) {
+ chunk = MIN(wlen - i, sizeof(write_buffer));
+ fread(write_buffer, 1, wlen, stdin);
+ pio_spi_write8_blocking(spi, write_buffer, wlen);
+ }
 putchar(S_ACK);
- uint32_t chunk;
 char buf[128];
 for(uint32_t i = 0; i < rlen; i += chunk) {
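Review bot: The new write loop computes `chunk` but still passes `wlen` to both `fread` and `pio_spi_write8_blocking`, so a request with `wlen` larger than `sizeof(write_buffer)` overruns `write_buffer` exactly as before, now once per iteration. Since `wlen` comes from `getu24()`, which presumably reads a host-supplied 24-bit length, the overflow stays reachable from the serial side. Both calls should use the bounded length: `fread(write_buffer, 1, chunk, stdin);` and `pio_spi_write8_blocking(spi, write_buffer, chunk);`. It is also worth passing on only the count `fread` actually returns, so that a short read does not send stale buffer contents to the flash chip. The body of `process` starts and ends outside this hunk, so the size of `write_buffer` and the definition of `MIN` are not visible here.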