mtd-utils.git, branch v2.3.1

Release mtd-utils-2.3.1

2026-04-13T07:07:48+00:00

Signed-off-by: David Oberhollenzer

Update CHANGELOG.md

2026-04-13T07:04:38+00:00

Signed-off-by: David Oberhollenzer

mtd-utils: tests: jittertest: reject overlong file names

2026-04-13T06:42:56+00:00

plotJittervsFill copies the -f argument into a 250-byte buffer with strncpy(..., sizeof(LogFile)). A 250-byte file name leaves the buffer unterminated, and the subsequent fopen() reads past the end of LogFile. JitterTest uses the same fixed-size file name pattern for -r, while -c still silently truncates overlong names and -f already rejects them. Validate jittertest file name arguments before copying them so these options all reject overlong input instead of truncating it or reading past the end of fixed-size buffers. Add a shell regression test that exercises the accepted and rejected boundary lengths for plotJittervsFill and JitterTest during make check. Signed-off-by: Aviv Daum Signed-off-by: David Oberhollenzer

misc-utils: docfdisk.c: validate partition size to prevent arithmetic overflow

2026-04-13T06:42:56+00:00

report of the static analyzer: Possible integer overflow: right operand is tainted. An integer overflow may occur due to arithmetic operation (addition) between variable 'block' and value { [1, 4294967295] } of 'nblocks[i]', when 'block' is equal to '1' correct explained: Added bounds check before incrementing block counter to ensure that adding nblocks[i] does not exceed totblocks. This prevents potential integer overflow when user-specified partition sizes are too large, which could lead to incorrect partition table layout and device corruption. The validation ensures safe arithmetic by checking block + nblocks[i] <= totblocks using unsigned comparison. Signed-off-by: Anton Moryakov Signed-off-by: David Oberhollenzer

misc-utils: docfdisk.c: fix potential integer underflow in partition size calculation

2026-04-13T06:42:56+00:00

report of the static analyzer: Possible integer underflow: right operand is tainted. An integer underflow may occur due to arithmetic operation (unsigned subtraction) between variables 'totblocks' and 'block', where 'totblocks' is in range { [0, 4294967295] }, and 'block' is tainted { [0, 4294967295] } correct explained: Added validation check before calculating remaining space for partition. The issue occurred when setting the last partition size to 0, which triggers calculation 'totblocks - block'. Without validation, if block >= totblocks, this would result in integer underflow due to unsigned arithmetic, potentially creating a partition with enormous size and leading to device corruption. Signed-off-by: Anton Moryakov Signed-off-by: David Oberhollenzer

fsck.ubifs: fix platform dependant ino_t and loff_t formatting

2026-04-13T05:32:41+00:00

On architectures such as armv7-a, ino_t and loff_t are unsigned long long rather than unsigned long. In such cases, the printf format specifier "%lu" is not appropriate and causes an incorrect address offset. mtd-utils/ubifs-utils/fsck.ubifs/problem.c:224 log_out(c, "problem: %s, ino %lu, unreachable dentry %s, type %s%s", problem->desc, ifp->file->inum, c->encrypted && !ifp->file->ino.is_xattr ? "" : dent_node->name, ubifs_get_type_name(dent_node->type), key_type(c, &dent_node->key) == UBIFS_XENT_KEY ? "(xattr)" : ""); fsck.ubifs[484] (/dev/ubi0_0,danger mode): problem: Dentry is unreachable, ino 917, unreachable dentry (null), type checksum_typefile Furthermore, running fsck.ubifs with the --debug=4 option will almost certainly cause a SEGV at the following point. mtd-utils/ubifs-utils/fsck.ubifs/check_files.c:103 dbg_fsck("construct file(%lu) for %s node, TNC location %d:%d, in %s", inum, ubifs_get_key_name(key_type(c, key)), sn->lnum, sn->offs, c->dev_name); To ensure functionality regardless of environment, cast ino_t to unsigned long, since it will never be more than 4 bytes. For loff_t, use %lld and cast accordingly. Signed-off-by: Yuta Hayama Signed-off-by: Tomas Alvarez Vanoli Reviewed-by: Zhihao Cheng Signed-off-by: David Oberhollenzer

fsck.ubifs: don't use pointers that reference out-of-scope variables

2026-04-13T05:32:41+00:00

sn is a reference to either an ino_node, dent_node, or data_node. When sn is actually used in calls to dbg_fsck() or insert_or_update_file(), these variables must not be out of scope. Signed-off-by: Yuta Hayama Reviewed-by: Zhihao Cheng Signed-off-by: David Oberhollenzer

ubiattach: fix wording in usage example

2026-04-13T05:32:41+00:00

The usage example 4 describing reserved eraseblocks had awkward and slightly incorrect phrasing ("is total flash chip eraseblocks count"). Reword it for clarity and readability without changing the meaning. Signed-off-by: Mohammad Rahimi Reviewed-by: Zhihao Cheng Signed-off-by: David Oberhollenzer

mtd-utils: serve_image: fix _POSIX_C_SOURCE

2025-11-28T20:12:42+00:00

200809 is needed for pread/pwrite Signed-off-by: Rosen Penev Signed-off-by: David Oberhollenzer

mtd-tests: flash_speed: fix error message in read_eraseblock()

2025-11-28T19:13:57+00:00

Replace 'write' with 'read' in the error message of the read_eraseblock() function to indicate the correct direction of the operation. Signed-off-by: Gabor Juhos Signed-off-by: David Oberhollenzer