Sounds quite likely that even if the return code checking does get patched in, that this will still be vulnerable to Travis Goodspeed's techniques here: https://www.youtube.com/watch?v=ijyAwxH_iok
(So you don't ned to watch right through – though I highly recommend you do – there's a trick he describes where you use a specially crafted "USB Drive" which can return one version of a file the first time it's read, and a different file the second time – if you know you've got a device that reads in a file to check it's signature first, then reads it again assuming it's getting the same content – that assumption isn't necessarily correct… A "smart" USB Drive can return whatever you choose, including a properly signed Google sourced image the first time 0x1000 is read, and whatever else you want the second time when the device is mounting it rather than verifying it.)
The original PS3 jailbreak used a similar trick where the first USB descriptor returned had size A and the second time the descriptor was read it was size B > A. Buffer overrun! =) It required a special device that can act as a USB gadget like a Nokia N900 or AVR-USB micro.
(So you don't ned to watch right through – though I highly recommend you do – there's a trick he describes where you use a specially crafted "USB Drive" which can return one version of a file the first time it's read, and a different file the second time – if you know you've got a device that reads in a file to check it's signature first, then reads it again assuming it's getting the same content – that assumption isn't necessarily correct… A "smart" USB Drive can return whatever you choose, including a properly signed Google sourced image the first time 0x1000 is read, and whatever else you want the second time when the device is mounting it rather than verifying it.)