From 52bb6a96e54d3cc88592492daac26171703a87f7 Mon Sep 17 00:00:00 2001
From: CTCaer <ctcaer@gmail.com>
Date: Sat, 29 Jan 2022 01:40:38 +0200
Subject: [PATCH] bdk: nx emmc bis: fix out of cluster bounds accesses

---
 bdk/storage/nx_emmc_bis.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/bdk/storage/nx_emmc_bis.c b/bdk/storage/nx_emmc_bis.c
index 4bcbc47..28bdc6f 100644
--- a/bdk/storage/nx_emmc_bis.c
+++ b/bdk/storage/nx_emmc_bis.c
@@ -251,7 +251,12 @@ int nx_emmc_bis_read(u32 sector, u32 count, void *buff)
 
 	while (count)
 	{
-		u32 sct_cnt = MIN(count, BIS_CLUSTER_SECTORS);
+		// Get sector index in cluster and use it as boundary check.
+		u32 cnt_max = (curr_sct % BIS_CLUSTER_SECTORS);
+		cnt_max = BIS_CLUSTER_SECTORS - cnt_max;
+
+		u32 sct_cnt = MIN(count, cnt_max); // Only allow cluster sized access.
+
 		if (nx_emmc_bis_read_block(curr_sct, sct_cnt, buf))
 			return 0;
 
@@ -270,7 +275,12 @@ int nx_emmc_bis_write(u32 sector, u32 count, void *buff)
 
 	while (count)
 	{
-		u32 sct_cnt = MIN(count, BIS_CLUSTER_SECTORS);
+		// Get sector index in cluster and use it as boundary check.
+		u32 cnt_max = (curr_sct % BIS_CLUSTER_SECTORS);
+		cnt_max = BIS_CLUSTER_SECTORS - cnt_max;
+
+		u32 sct_cnt = MIN(count, cnt_max); // Only allow cluster sized access.
+
 		if (nx_emmc_bis_write_block(curr_sct, sct_cnt, buf, false))
 			return 0;