[PATCH mtd-utils] jffsX-utils: fix integer overflow in jffs2dump.c
Zhihao Cheng
chengzhihao1 at huawei.com
Wed Dec 18 20:54:25 PST 2024
在 2024/12/18 19:42, Anton Moryakov 写道:
> Report of the static analyzer:
> The value of an arithmetic expression 'datsize + oobsize' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic
>
> Corrections explained:
> Fixed potential overflow in arithmetic operation datsize + oobsize
> by casting operands to unsigned long long to ensure safe computation.
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> ---
> jffsX-utils/jffs2dump.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/jffsX-utils/jffs2dump.c b/jffsX-utils/jffs2dump.c
> index 30455ea..5be7a5b 100644
> --- a/jffsX-utils/jffs2dump.c
> +++ b/jffsX-utils/jffs2dump.c
> @@ -783,7 +783,7 @@ int main(int argc, char **argv)
> read_nocheck (fd, oob, oobsize);
> idx += datsize;
> imglen -= oobsize;
> - len -= datsize + oobsize;
> + len -= (unsigned long long)datsize + (unsigned long long)oobsize;
The 'datsize' and 'oobsize' are parsed from user arguments, 'datsize'
and 'oobsize' could be negative, so I think we need more checking items.
> }
>
> } else {
>
More information about the linux-mtd
mailing list