[PATCH mtd-utils] nand-utils: fix integer overflow in nftldump.c
Zhihao Cheng
chengzhihao1 at huawei.com
Thu Dec 26 17:58:44 PST 2024
On 2024/12/26 21:46, Anton Moryakov wrote:
> Report of the static analyzer:
> The value of an arithmetic expression 'i * meminfo.erasesize' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic
>
> Corrections explained:
> one of the operands was cast to a wider type, such as unsigned long long, to expand the range of possible values and avoid overflow
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> ---
> nand-utils/nftldump.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/nand-utils/nftldump.c b/nand-utils/nftldump.c
> index 30332fe..6964d2c 100644
> --- a/nand-utils/nftldump.c
> +++ b/nand-utils/nftldump.c
> @@ -124,7 +124,7 @@ static void dump_erase_units(void)
> for (i = MedHead[0].FirstPhysicalEUN; i < MedHead[0].FirstPhysicalEUN +
> MedHead[0].NumEraseUnits; i++) {
> /* For each Erase Unit */
> - ofs = i * meminfo.erasesize;
> + ofs = (unsigned long long)i * meminfo.erasesize;
This program parses information from mtd in the 32-bit way (e.g.
MEMREADOOB rather than MEMREADOOB), which means that the total size of
the supported mtd device is smaller than 2^32, so I think the overflow
won't happen.
>
> /* read the Unit Control Information */
> for (j = 0; j < 3; j++) {
>
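Review bot: On the changed line `ofs = (unsigned long long)i * meminfo.erasesize;`, the cast only prevents wraparound if `ofs` can hold a value wider than 32 bits, and the declaration of `ofs` is not part of this hunk. If `ofs` is a 32-bit type, the product is truncated again on assignment and the patch changes nothing; in that case either widen `ofs` in the same patch (and check how it is passed to the reads that follow under "read the Unit Control Information") or drop the cast. The commit message should also state the types of `i` and `ofs` and whether a device large enough for `i * meminfo.erasesize` to exceed 32 bits can reach this loop, so the analyzer finding can be judged as a real bug or a false positive.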