From 2f82854e8a9ecc4e61037c2faaf7e59b52ecd0c5 Mon Sep 17 00:00:00 2001
From: "S.J.R. van Schaik" <stephan@whiteboxsystems.nl>
Date: Sat, 11 Mar 2017 13:51:04 +0000
Subject: [PATCH] flash: sandbox: fix size checks and erase initial memory

---
 source/drivers/sandbox_flash.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source/drivers/sandbox_flash.c b/source/drivers/sandbox_flash.c
index 0028e3a..afeadfb 100644
--- a/source/drivers/sandbox_flash.c
+++ b/source/drivers/sandbox_flash.c
@@ -32,7 +32,7 @@ static int stdio_flash_read(struct flash_dev *dev, uint32_t addr, void *data,
 {
 	struct stdio_flash_priv *priv = dev->priv;
 
-	if (addr > priv->size || priv->size - addr > len)
+	if (addr > priv->size || len > priv->size - addr)
 		return -1;
 
 	memcpy(data, priv->data + addr, len);
@@ -48,7 +48,7 @@ static int stdio_flash_write(struct flash_dev *dev, uint32_t addr,
 	char *dst;
 	size_t i;
 
-	if (addr > priv->size || priv->size - addr > len)
+	if (addr > priv->size || len > priv->size - addr)
 		return -1;
 
 	src = data;
@@ -89,6 +89,7 @@ struct flash_dev *flash_probe(void)
 		MAP_ANONYMOUS | MAP_PRIVATE, -1, 0)))
 		goto err_free_priv;
 
+	memset(priv->data, 0xFF, CONFIG_FLASH_SIZE);
 	priv->size = CONFIG_FLASH_SIZE;
 
 	dev->priv = priv;