[PATCH mtd-utils] ubi-utils: Fix integer overflow in mtdinfo.c
Zhihao Cheng
chengzhihao1 at huawei.com
Sun Dec 15 17:08:52 PST 2024
在 2024/12/14 20:31, Anton Moryakov 写道:
> Report of the static analyzer:
> The value of an arithmetic expression 'reginfo->offset + i * reginfo->erasesize' is a subject to overflow
> because its operands are not cast to a larger data type before performing arithmetic
>
> Corrections explained:
> Added casting i and start to unsigned long long
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> ---
> ubi-utils/mtdinfo.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Reviewed-by: Zhihao Cheng <chengzhihao1 at huawei.com>
> diff --git a/ubi-utils/mtdinfo.c b/ubi-utils/mtdinfo.c
> index 7dff0de..12d35eb 100644
> --- a/ubi-utils/mtdinfo.c
> +++ b/ubi-utils/mtdinfo.c
> @@ -185,7 +185,7 @@ static void print_ubi_info(const struct mtd_info *mtd_info,
> static void print_region_map(const struct mtd_dev_info *mtd, int fd,
> const region_info_t *reginfo)
> {
> - unsigned long start;
> + unsigned long long start;
> int i, width;
> int ret_locked, errno_locked, ret_bad, errno_bad;
>
> @@ -203,7 +203,7 @@ static void print_region_map(const struct mtd_dev_info *mtd, int fd,
> ret_locked = ret_bad = errno_locked = errno_bad = 0;
>
> for (i = 0; i < reginfo->numblocks; ++i) {
> - start = reginfo->offset + i * reginfo->erasesize;
> + start = reginfo->offset + (unsigned long long)i * reginfo->erasesize;
> printf(" %*i: %08lx ", width, i, start);
>
> if (ret_locked != -1) {
>
More information about the linux-mtd
mailing list