diff options
| author | Anton Moryakov <ant.v.moryakov@gmail.com> | 2024-12-11 17:04:03 +0300 |
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2024-12-17 14:34:22 +0100 |
| commit | cf3b826cac649caac853bc319b19be133372166f (patch) | |
| tree | bfb27f4b1285bc82b8850fecbfb2b6ce5c46c1ec | |
| parent | 36d1ba9ba75e45da5ff049f4a4bec4ea576a9689 (diff) | |
misc-utils: flash_erase: FIX integer overflow in flash_erase.c
Report of the static analyzer:
The value of an arithmetic expression 'eb_cnt * mtd.eb_size' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic
Corrections explained:
Added explicit casting of eb_cnt to long long in the condition
if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size)
to ensure the multiplication is performed in a 64-bit context,
preventing potential overflow for large values of eb_cnt and mtd.eb_size.
This ensures correct handling of devices with large block counts or block sizes.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
| -rw-r--r-- | misc-utils/flash_erase.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/misc-utils/flash_erase.c b/misc-utils/flash_erase.c index c6f6f66..36f8d57 100644 --- a/misc-utils/flash_erase.c +++ b/misc-utils/flash_erase.c @@ -239,7 +239,7 @@ int main(int argc, char *argv[]) if (eb_cnt == 0) eb_cnt = (mtd.size / mtd.eb_size) - eb_start; - if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size) + if (eb_start == 0 && mtd.size == (long long)eb_cnt * mtd.eb_size) erase_chip = true; /* If MTD device may have bad eraseblocks, |