[MTD] potential division by 0 in cfi_build_cmd() and cfi_merge_status()?

Roel Kluin 12o3l at tiscali.nl
Mon Jan 14 19:28:12 EST 2008


Doing some grepping, I stumbled upon this possible error:

in include/linux/mtd/cfi.h, lines 302 and 366, resp. functions
cfi_build_cmd() and cfi_merge_status() there is a division by
cfi_interleave(cfi):

chip_mode = map_bankwidth(map) / cfi_interleave(cfi);

This could be problematic when no CONFIG_MTD_CFI_Ix is selected:
cfi_interleave will trigger BUG(), but when BUG is disabled, the
function returns 0, causing a subsequent division by zero.

When a CONFIG_MTD_CFI_Ix is selected, cfi_interleave(cfi) is either
defined 1 or defined (cfi)->interleave.

cfi is a struct cfi_private pointer, with interleave as an int.

I am not sure whether interleave can ever be 0 in this division when 
CONFIG_MTD_CFI_Ix is set.

Shouldn't there be an error exit when cfi_interleave(cfi) evaluates
to 0?

I am not subscribed to this list, so please CC.

Roel
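
The situation raised in the message above, as an added user-space model that is not part of the original post and is not kernel code. The names MODEL_BUG, model_cfi_interleave_none and checked_chip_mode are hypothetical, and returning -EINVAL is one assumed form of the "error exit" the post asks about.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model. Define MODEL_BUG_ENABLED to model a build where BUG()
 * halts; it is left undefined here, so BUG() compiles to nothing. */
#ifdef MODEL_BUG_ENABLED
#define MODEL_BUG() abort()
#else
#define MODEL_BUG() do { } while (0)
#endif

/* Models cfi_interleave() when no CONFIG_MTD_CFI_Ix is selected:
 * BUG() runs first, then 0 is returned if execution continues. */
static int model_cfi_interleave_none(void)
{
    MODEL_BUG();
    return 0;
}

/* Hypothetical guarded form of
 *     chip_mode = map_bankwidth(map) / cfi_interleave(cfi);
 * Stores the quotient and returns 0, or returns -EINVAL without dividing. */
static int checked_chip_mode(int bankwidth, int interleave, int *chip_mode)
{
    if (interleave <= 0)
        return -EINVAL;
    *chip_mode = bankwidth / interleave;
    return 0;
}

int main(void)
{
    int mode = -1;
    int rc;

    /* Constructed inputs: bank width 4, first with the zero fallback. */
    rc = checked_chip_mode(4, model_cfi_interleave_none(), &mode);
    printf("no interleave configured: rc=%d mode=%d\n", rc, mode);

    rc = checked_chip_mode(4, 2, &mode);
    printf("interleave 2: rc=%d mode=%d\n", rc, mode);
    return 0;
}
```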


