[PATCH mtd-utils] misc-utils: fix integer overflow in ftl_check.c
Zhihao Cheng
chengzhihao1 at huawei.com
Thu Dec 19 05:20:14 PST 2024
在 2024/12/19 20:30, Anton Moryakov 写道:
> Report of the static analyzer:
> An integer overflow may occur due to arithmetic operation (multiplication) between variable 'nbam' and value '4' of 'sizeof(u_int)', when 'nbam' is in range
Above lines can be removed.
And the title of the patch should be "[PATCH mtd-utils] misc-utils: add
missing error handling for 'bam' allocation".
>
> Corrections explained:
> Added robust handling for malloc() failure by checking the returnvalueand providing a clear error message.
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> ---
> misc-utils/ftl_check.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
Reviewed-by: Zhihao Cheng <chengzhihao1 at huawei.com>
>
> diff --git a/misc-utils/ftl_check.c b/misc-utils/ftl_check.c
> index 5b2dae5..fe43a24 100644
> --- a/misc-utils/ftl_check.c
> +++ b/misc-utils/ftl_check.c
> @@ -120,8 +120,17 @@ static void check_partition(int fd)
>
> /* Create basic block allocation table for control blocks */
> nbam = (mtd.erasesize >> hdr.BlockSize);
> bam = malloc(nbam * sizeof(u_int));
> + if (!bam) {
> + perror("malloc failed");
> + return;
> + }
>
> for (i = 0; i < le16_to_cpu(hdr.NumEraseUnits); i++) {
> if (lseek(fd, (i << hdr.EraseUnitSize), SEEK_SET) == -1) {
> perror("seek failed");
>
More information about the linux-mtd
mailing list