A mirror of http://git.infradead.org/mtd-utils.git https://git.infraroot.at/mtd-utils.git/atom?h=v2.3.1 2026-04-13T06:42:56+00:00 2026-04-13T06:42:56+00:00 Anton Moryakov ant.v.moryakov@gmail.com 2025-10-28T10:48:10+00:00 urn:sha1:5f7dd327a813c83f97f4a6128bb82c021ed870d8 report of the static analyzer: Possible integer overflow: right operand is tainted. An integer overflow may occur due to arithmetic operation (addition) between variable 'block' and value { [1, 4294967295] } of 'nblocks[i]', when 'block' is equal to '1' correct explained: Added bounds check before incrementing block counter to ensure that adding nblocks[i] does not exceed totblocks. This prevents potential integer overflow when user-specified partition sizes are too large, which could lead to incorrect partition table layout and device corruption. The validation ensures safe arithmetic by checking block + nblocks[i] <= totblocks using unsigned comparison. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2026-04-13T06:42:56+00:00 Anton Moryakov ant.v.moryakov@gmail.com 2025-10-27T22:50:32+00:00 urn:sha1:3528028a687820eebe2a94013d6ec3a052b4c20e report of the static analyzer: Possible integer underflow: right operand is tainted. An integer underflow may occur due to arithmetic operation (unsigned subtraction) between variables 'totblocks' and 'block', where 'totblocks' is in range { [0, 4294967295] }, and 'block' is tainted { [0, 4294967295] } correct explained: Added validation check before calculating remaining space for partition. The issue occurred when setting the last partition size to 0, which triggers calculation 'totblocks - block'. Without validation, if block >= totblocks, this would result in integer underflow due to unsigned arithmetic, potentially creating a partition with enormous size and leading to device corruption. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2025-11-28T20:12:42+00:00 Rosen Penev rosenp@gmail.com 2025-10-26T20:00:48+00:00 urn:sha1:af2c69a52065236b907f6e478d3645a4fb7f8a9d 200809 is needed for pread/pwrite Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2025-01-30T17:30:16+00:00 Zhihao Cheng chengzhihao1@huawei.com 2025-01-26T06:41:59+00:00 urn:sha1:555a652dfe40619fd316ff7016570734450daf44 The compiler compains following message: misc-utils/flashcp.c:439:3: warning: ‘wrlast_buf’ may be used uninitialized in this function It won't bring any problems because variable '‘wrlast_buf’ is always initialized before being used. Fix the warning by setting 'wrlast_buf' as NULL when declaring it. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2024-12-20T17:35:13+00:00 Anton Moryakov ant.v.moryakov@gmail.com 2024-12-19T13:51:03+00:00 urn:sha1:117efd252bc485084a609c405c312f5a9229e25a Corrections explained: Added robust handling for malloc() failure by checking the returnvalueand providing a clear error message. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2024-12-17T13:34:22+00:00 Anton Moryakov ant.v.moryakov@gmail.com 2024-12-11T14:04:03+00:00 urn:sha1:cf3b826cac649caac853bc319b19be133372166f Report of the static analyzer: The value of an arithmetic expression 'eb_cnt * mtd.eb_size' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic Corrections explained: Added explicit casting of eb_cnt to long long in the condition if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size) to ensure the multiplication is performed in a 64-bit context, preventing potential overflow for large values of eb_cnt and mtd.eb_size. This ensures correct handling of devices with large block counts or block sizes. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2024-04-13T14:26:37+00:00 Ben Hutchings ben.hutchings@mind.be 2024-04-12T20:55:05+00:00 urn:sha1:cc7af09ae09ae20565e61f7d33b5ec0329797647 fectest.c formats a struct timeval with the assumption that time_t and suseconds_t are aliases for long, but some 32-bit systems now define them as long long in order to support timestamps beyond 2038. As this is an elapsed time and not a timestamp, both fields should be within the range of long, so cast them to long before formatting rather than moving to long long. Signed-off-by: Ben Hutchings <ben.hutchings@mind.be> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2023-11-13T08:03:00+00:00 Takahiro Kuwano Takahiro.Kuwano@infineon.com 2023-11-07T09:23:57+00:00 urn:sha1:71edfe3b5a51ea9a7fac9760804db328ea1ec8a0 JFFS2 supports buffer mode for ECC'd NOR Flash that cleanmarker size is rounded up to mtd->writesize, while the '-j' option in flash_erase utility uses fixed 12 bytes. That makes flash program ops unaligned to mtd->writesize and causes program error or disables ECC. The mkfs.jffs2 utility supports '-c' option that allows users to specify cleanmarker size. This patch implements '-c' option in the flash_erase that can be used along with '-j' option. Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano@infineon.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2023-09-08T11:48:52+00:00 Piotr Esden-Tempski piotr@esden.net 2023-09-01T00:55:03+00:00 urn:sha1:aaa77f94ce6e03d9730f62004347ec2bbf11cfb1 This option is useful for power fail resilient bootloader updates, for systems that check only the partition header for validity before attempting to load the bootloader. For example zynq. Postponing the write of a specified amount of bytes at the beginning of a bootloader makes sure a written bootloader slot is not considered valid until all the data is written. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> 2023-05-30T09:12:12+00:00 Brandon Maier brandon.maier@collins.com 2022-12-12T18:01:58+00:00 urn:sha1:730148bc94411f13a0171204e872b0760fbde185 This introduces a new feature to the MTD command line utilities that allows MTD devices to be referenced by name instead of device node. For example this looks like: > # Display info for the MTD device with name "data" > mtdinfo mtd:data > # Copy file to MTD device with name "data" > flashcp /my/file mtd:data This follows the syntax supported by the kernel which allows MTD device's to be mounted by name[1]. Add the function mtd_find_dev_node() that accepts an MTD "identifier" and returns the MTD's device node. The function accepts a string starting with "mtd:" which it treats as the MTD's name. It then attempts to search for the MTD, and if found maps it back to the /dev/mtdX device node. If the string does not start with "mtd:", then assume it's the old style and refers directly to a MTD device node. The function is then hooked into existing tools like flashcp, mtdinfo, flash_unlock, etc. To load in the new MTD parsing code in a consistent way across programs. [1] http://www.linux-mtd.infradead.org/faq/jffs2.html#L_mtdblock Signed-off-by: Brandon Maier <brandon.maier@collins.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>