From 0c7bde8de630f1668cf554e14641bffd56617e1e Mon Sep 17 00:00:00 2001 From: David Anderson Date: Mon, 30 Jul 2018 12:54:53 -0700 Subject: [PATCH] fastboot: Fix hang when sparse images end in small chunks. When host fastboot sends sparse blocks to the device, it tries to only send blocks in multiples of 1024 bytes. If a block is not aligned to this size, the excess bytes are prepended to the next write operation. This is implemented by doing the write in two steps: first the previous excess from the last write (plus new data up to alignment), then a second write for the aligned remainder of the new data. This logic has a bug if the final block plus the previous excess data contains >= 1024 but < 2048 bytes. In this case the first write will drain 1024 bytes from the data, and the second write will not have 1024 bytes to write. Instead of retaining this data for the next write, it tries to write 0 chunks (and thus 0 bytes), which hangs the ioctl() call. Bug: N/A Test: "fastboot flash super super.img" where super.img is generated by lpmake, containing system and product_services partitions and images. Change-Id: I9e8523c976ec84d5a57b36a28f4b1ca800edb7e7 --- fastboot/fastboot_driver.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fastboot/fastboot_driver.cpp b/fastboot/fastboot_driver.cpp index c308420552ad..aabc620d431a 100644 --- a/fastboot/fastboot_driver.cpp +++ b/fastboot/fastboot_driver.cpp @@ -462,6 +462,10 @@ RetCode FastBootDriver::SendBuffer(const std::vector& buf) { } RetCode FastBootDriver::SendBuffer(const void* buf, size_t size) { + if (!size) { + return SUCCESS; + } + // Write the buffer ssize_t tmp = transport->Write(buf, size);