@@ -255,7 +255,9 @@ static unsigned nand_load_block(NANDFlashState *s, unsigned offset)
{
unsigned iolen;
- s->blk_load(s, s->addr, offset);
+ if (!s->blk_load(s, s->addr, offset)) {
+ return 0;
+ }
iolen = (1 << s->page_shift);
if (s->gnd) {
@@ -783,6 +785,10 @@ static bool glue(nand_blk_load_, NAND_PAGE_SIZE)(NANDFlashState *s,
return false;
}
+ if (offset > NAND_PAGE_SIZE + OOB_SIZE) {
+ return false;
+ }
+
if (s->blk) {
if (s->mem_oob) {
if (blk_pread(s->blk, SECTOR(addr) << BDRV_SECTOR_BITS,