stm32/storage: Prevent attempts to read/write invalid block addresses.

A corrupt filesystem may lead to a request for a block which is out of
range of the block device limits.  Return an error instead of passing the
request down to the lower layer.

ports/stm32/storage.c

@@ -340,8 +340,12 @@ STATIC mp_obj_t pyb_flash_readblocks(size_t n_args, const mp_obj_t *args) {
     else if (self != &pyb_flash_obj) {
         // Extended block read on a sub-section of the flash storage
         uint32_t offset = mp_obj_get_int(args[3]);
-        block_num += self->start / PYB_FLASH_NATIVE_BLOCK_SIZE;
-        ret = MICROPY_HW_BDEV_READBLOCKS_EXT(bufinfo.buf, block_num, offset, bufinfo.len);
+        if ((block_num * PYB_FLASH_NATIVE_BLOCK_SIZE) >= self->len) {
+            ret = -MP_EFAULT; // Bad address
+        } else {
+            block_num += self->start / PYB_FLASH_NATIVE_BLOCK_SIZE;
+            ret = MICROPY_HW_BDEV_READBLOCKS_EXT(bufinfo.buf, block_num, offset, bufinfo.len);
+        }
     }
     #endif
     return MP_OBJ_NEW_SMALL_INT(ret);
@@ -363,8 +367,12 @@ STATIC mp_obj_t pyb_flash_writeblocks(size_t n_args, const mp_obj_t *args) {
     else if (self != &pyb_flash_obj) {
         // Extended block write on a sub-section of the flash storage
         uint32_t offset = mp_obj_get_int(args[3]);
-        block_num += self->start / PYB_FLASH_NATIVE_BLOCK_SIZE;
-        ret = MICROPY_HW_BDEV_WRITEBLOCKS_EXT(bufinfo.buf, block_num, offset, bufinfo.len);
+        if ((block_num * PYB_FLASH_NATIVE_BLOCK_SIZE) >= self->len) {
+            ret = -MP_EFAULT; // Bad address
+        } else {
+            block_num += self->start / PYB_FLASH_NATIVE_BLOCK_SIZE;
+            ret = MICROPY_HW_BDEV_WRITEBLOCKS_EXT(bufinfo.buf, block_num, offset, bufinfo.len);
+        }
     }
     #endif
     return MP_OBJ_NEW_SMALL_INT(ret);