From e229ec0340ba2a921223eec51169200cc10c8329 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Fri, 21 Oct 2016 19:33:42 +0800
Subject: [PATCH] spi_flash: check physical address in mmap against flash chip
 size

---
 components/spi_flash/flash_mmap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/spi_flash/flash_mmap.c b/components/spi_flash/flash_mmap.c
index 8636a2605e..2165a784d1 100644
--- a/components/spi_flash/flash_mmap.c
+++ b/components/spi_flash/flash_mmap.c
@@ -88,6 +88,9 @@ esp_err_t IRAM_ATTR spi_flash_mmap(uint32_t src_addr, size_t size, spi_flash_mma
     if (src_addr & 0xffff) {
         return ESP_ERR_INVALID_ARG;
     }
+    if (src_addr + size > g_rom_flashchip.chip_size) {
+        return ESP_ERR_INVALID_ARG;
+    }
     spi_flash_disable_interrupts_caches_and_other_cpu();
     if (s_mmap_page_refcnt[0] == 0) {
         spi_flash_mmap_init();