[PATCH mtd-utils] misc-utils: fix integer overflow in ftl_check.c
Anton Moryakov
ant.v.moryakov at gmail.com
Thu Dec 19 03:49:00 PST 2024
Report of the static analyzer:
An integer overflow may occur due to arithmetic operation (multiplication) between variable 'nbam' and value '4' of 'sizeof(u_int)', when 'nbam' is in range
Corrections explained:
Avoid arithmetic overflow that could cause an incorrect amount of memory to be allocated.
Handle memory allocation errors (malloc).
The code is robust and safe for large nbam values.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
misc-utils/ftl_check.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/misc-utils/ftl_check.c b/misc-utils/ftl_check.c
index 5b2dae5..fe43a24 100644
--- a/misc-utils/ftl_check.c
+++ b/misc-utils/ftl_check.c
@@ -120,8 +120,17 @@ static void check_partition(int fd)
/* Create basic block allocation table for control blocks */
nbam = (mtd.erasesize >> hdr.BlockSize);
+ if (nbam > SIZE_MAX / sizeof(u_int)) {
+ fprintf(stderr, "Error: nbam value too large, potential overflow detected.\n");
+ free(bam);
+ return;
+ }
+
bam = malloc(nbam * sizeof(u_int));
+ if (!bam) {
+ perror("malloc failed");
+ return;
+ }
+
for (i = 0; i < le16_to_cpu(hdr.NumEraseUnits); i++) {
if (lseek(fd, (i << hdr.EraseUnitSize), SEEK_SET) == -1) {
perror("seek failed");
--
2.30.2
More information about the linux-mtd
mailing list