[PATCH mtd-utils] ubifs-utils: mkfs.ubifs: fix integer overflow in mkfs.ubifs.c
Anton Moryakov
ant.v.moryakov at gmail.com
Tue Dec 17 09:28:16 PST 2024
Report of the static analyzer:
The value of an arithmetic expression '4 * c->leb_size' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic
Corrections explained:
To avoid overflow, we cast one of the operands (in this case c->leb_size) to type long long, which has a larger range.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
index b5f3892..9f276c5 100644
--- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
+++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -858,8 +858,8 @@ static int get_options(int argc, char**argv)
/* Make the max journal size 8MiB */
if (c->max_bud_bytes > 8 * 1024 * 1024)
c->max_bud_bytes = 8 * 1024 * 1024;
- if (c->max_bud_bytes < 4 * c->leb_size)
- c->max_bud_bytes = 4 * c->leb_size;
+ if (c->max_bud_bytes < 4 * (long long)c->leb_size)
+ c->max_bud_bytes = 4 * (long long)c->leb_size;
}
if (c->log_lebs == -1) {
--
2.30.2
More information about the linux-mtd
mailing list