[PATCH v2] mtd: diskonchip: Cast an operand to uint64_t to prevent potential uint32_t overflow in inftl_partscan()
Zichen Xie
zichenxie0106 at gmail.com
Tue Oct 22 08:49:45 PDT 2024
On 2024/10/22 3:41, Miquel Raynal wrote:
> Hi,
>
> zichenxie0106 at gmail.com wrote on Mon, 21 Oct 2024 14:27:54 -0500:
>
>> From: Zichen Xie <zichenxie0106 at gmail.com>
>>
>> This was found by a static analyzer.
> This should be the last sentence, not the first, maybe?
I saw a lot patches making it as the first sentence. So, I did it too.
>
>> There may be a potential integer overflow issue in
>> inftl_partscan(). parts[0].size is defined as "uint64_t"
>> while mtd->erasesize and ip->firstUnit are defined as 32-bit
>> unsigned integer. The result of the calculation will be limited
>> to 32 bits without correct casting.
>> So, we recommend adding an extra cast to prevent potential
>> integer overflow.
> The wrapping is odd.
Sorry, but could you please point out where's odd so I can fix it.
>
>> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
>> Signed-off-by: Zichen Xie <zichenxie0106 at gmail.com>
>> ---
>> v2: correct "Fixes" tag.
> If you want to provide a fix, you probably want to Cc: stable as well.
Yeah, I will add that to the next version.
Best,
Zichen
>
> Thanks,
> Miquèl
More information about the linux-mtd
mailing list