Bug in __get_mtd_device()

Jörn Engel joern at wohnheim.fh-wedel.de
Fri Oct 12 09:40:29 EDT 2001


Correct me, if I am wrong, but there seems to be a bug in
__get_mtd_device() in drivers/mtd/mtdcore.c.

The following line seems to be dangerous:
	} else if (num < MAX_MTD_DEVICES) {

num has type int (signed) and is not checked against negative values.
You could either use this hack:
  } else if ((unsigned)num < MAX_MTD_DEVICES) {

which might break if some platform doesn't use a two's complement for
negative numbers or do the long check:
  } else if (num >= 0 && num < MAX_MTD_DEVICES) {

I would prefer the latter, correctness is more important than

Another fix that changes the semantics slightly would be to use this
	if (num < 0) {

instead of:
	if (num == -1) {


If you have the right attitude, interesting problems will find you.

More information about the linux-mtd mailing list