[PATCH mtd-utils] ubi-utils: Fix integer overflow in mtdinfo.c
Anton Moryakov
ant.v.moryakov at gmail.com
Fri Dec 13 05:15:00 PST 2024
Report of the static analyzer:
The value of an arithmetic expression 'reginfo->offset + i * reginfo->erasesize' is a subject to overflow
because its operands are not cast to a larger data type before performing arithmetic
Corrections explained:
Added casting reginfo->offset to long long
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
ubi-utils/mtdinfo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ubi-utils/mtdinfo.c b/ubi-utils/mtdinfo.c
index 7dff0de..850297b 100644
--- a/ubi-utils/mtdinfo.c
+++ b/ubi-utils/mtdinfo.c
@@ -203,7 +203,7 @@ static void print_region_map(const struct mtd_dev_info *mtd, int fd,
ret_locked = ret_bad = errno_locked = errno_bad = 0;
for (i = 0; i < reginfo->numblocks; ++i) {
- start = reginfo->offset + i * reginfo->erasesize;
+ start = reginfo->offset + (unsigned long long)i * reginfo->erasesize;
printf(" %*i: %08lx ", width, i, start);
if (ret_locked != -1) {
--
2.30.2
More information about the linux-mtd
mailing list