[PATCH v2] mtd: diskonchip: Cast an operand to uint64_t to prevent potential uint32_t overflow in inftl_partscan()
Miquel Raynal
miquel.raynal at bootlin.com
Tue Oct 22 01:41:38 PDT 2024
Hi,
zichenxie0106 at gmail.com wrote on Mon, 21 Oct 2024 14:27:54 -0500:
> From: Zichen Xie <zichenxie0106 at gmail.com>
>
> This was found by a static analyzer.
This should be the last sentence, not the first, maybe?
> There may be a potential integer overflow issue in
> inftl_partscan(). parts[0].size is defined as "uint64_t"
> while mtd->erasesize and ip->firstUnit are defined as 32-bit
> unsigned integer. The result of the calculation will be limited
> to 32 bits without correct casting.
> So, we recommend adding an extra cast to prevent potential
> integer overflow.
The wrapping is odd.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Zichen Xie <zichenxie0106 at gmail.com>
> ---
> v2: correct "Fixes" tag.
If you want to provide a fix, you probably want to Cc: stable as well.
Thanks,
Miquèl
More information about the linux-mtd
mailing list