[bug reportish] UBI_MAX_ERASECOUNTER not used consistently
Dan Carpenter
dan.carpenter at oracle.com
Fri Oct 5 02:57:04 EDT 2012
Hi Artem,
I normally audit for underflows and I had a question about this code.
mtd/ubi/attach.c
665 static int early_erase_peb(struct ubi_device *ubi,
666 const struct ubi_attach_info *ai, int pnum, int ec)
667 {
668 int err;
669 struct ubi_ec_hdr *ec_hdr;
670
671 if ((long long)ec >= UBI_MAX_ERASECOUNTER) {
Casting to long long doesn't serve any purpose. We normally say that
"> UBI_MAX_ERASECOUNTER" is invalid but "== UBI_MAX_ERASECOUNTER" is Ok.
The "ec" variable is signed and negative values are missed on this
check.
672 /*
673 * Erase counter overflow. Upgrade UBI and use 64-bit
674 * erase counters internally.
675 */
676 ubi_err("erase counter overflow at PEB %d, EC %d", pnum, ec);
677 return -EINVAL;
678 }
679
680 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
regards,
dan carpenter
More information about the linux-mtd
mailing list