[PATCH mtd-utils] jffsX-utils: fix integer overflow in jffs2dump.c

[Anton Moryakov]

Report of the static analyzer:
The value of an arithmetic expression 'datsize + oobsize' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic.

Corrections explained:
- Added a check to validate datsize and oobsize to ensure they are non-negative and within a safe range.
- Cast datsize and oobsize to long before performing arithmetic to prevent potential integer overflow.

This change ensures safe computation of offsets and prevents undefined behavior caused by overflow.

Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
 jffsX-utils/jffs2dump.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/jffsX-utils/jffs2dump.c b/jffsX-utils/jffs2dump.c
index 30455ea..5b0e144 100644
--- a/jffsX-utils/jffs2dump.c
+++ b/jffsX-utils/jffs2dump.c
@@ -772,6 +772,13 @@ int main(int argc, char **argv)
 		exit(EXIT_FAILURE);
 	}
 
+	if (datsize < 0  oobsize < 0  datsize > imglen || (long)datsize + oobsize < 0) {
+		fprintf(stderr, "Error: invalid datsize/oobsize.\n");
+		free(data);
+		close (fd);
+		exit(EXIT_FAILURE);
+	}
+
 	if (datsize && oobsize) {
 		int  idx = 0;
 		long len = imglen;
@@ -783,7 +790,7 @@ int main(int argc, char **argv)
 			read_nocheck (fd, oob, oobsize);
 			idx += datsize;
 			imglen -= oobsize;
-			len -= datsize + oobsize;
+			len -= (long)datsize + oobsize;
 		}
 
 	} else {
-- 
2.30.2