[PATCH v2] mtd: diskonchip: Cast an operand to uint64_t to prevent potential uint32_t overflow in inftl_partscan()
Miquel Raynal
miquel.raynal at bootlin.com
Wed Oct 23 01:12:00 PDT 2024
Hi Zichen,
zichenxie0106 at gmail.com wrote on Tue, 22 Oct 2024 10:49:45 -0500:
> On 2024/10/22 3:41, Miquel Raynal wrote:
> > Hi,
> >
> > zichenxie0106 at gmail.com wrote on Mon, 21 Oct 2024 14:27:54 -0500:
> >
> >> From: Zichen Xie <zichenxie0106 at gmail.com>
> >>
> >> This was found by a static analyzer.
> > This should be the last sentence, not the first, maybe?
> I saw a lot patches making it as the first sentence. So, I did it too.
Well, they are likely wrong.
Also, please shorten your commit title
"Cast an operand to prevent potential overflow" would be enough. You'll
give the details in the commit log anyway.
> >
> >> There may be a potential integer overflow issue in
> >> inftl_partscan(). parts[0].size is defined as "uint64_t"
> >> while mtd->erasesize and ip->firstUnit are defined as 32-bit
> >> unsigned integer. The result of the calculation will be limited
> >> to 32 bits without correct casting.
> >> So, we recommend adding an extra cast to prevent potential
> >> integer overflow.
> > The wrapping is odd.
> Sorry, but could you please point out where's odd so I can fix it.
Your commit log is wrapped at 60-char.
> >
> >> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> >> Signed-off-by: Zichen Xie <zichenxie0106 at gmail.com>
> >> ---
> >> v2: correct "Fixes" tag.
> > If you want to provide a fix, you probably want to Cc: stable as well.
>
> Yeah, I will add that to the next version.
>
>
> Best,
>
> Zichen
>
> >
> > Thanks,
> > Miquèl
Thanks,
Miquèl
More information about the linux-mtd
mailing list