aboutsummaryrefslogtreecommitdiff
path: root/nand-utils
diff options
context:
space:
mode:
authorAnton Moryakov <ant.v.moryakov@gmail.com>2024-12-14 15:18:35 +0300
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2024-12-17 14:34:23 +0100
commitd4710ca5b5105d998e042a77cb66a2a5ac7bafb5 (patch)
treeb013b3c206c389ccf30b1ed12afb15a298fafe3d /nand-utils
parentcf3b826cac649caac853bc319b19be133372166f (diff)
nand-utils: Fix integer overflow in nandflipbits.c
Report of the static analyzer: The value of an arithmetic expression 'bit_to_flip->block * mtd.eb_size + blkoffs' is a subject to overflow because its operands are not cast to a larger data type before performing arith$ Corrections explained: Prevent arithmetic overflow in OOB read operation Resolved an issue where the calculation of the offset in the OOB read operation could overflow due to operands not being cast to a larger data type. Specifically, the multiplication of bi$ Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'nand-utils')
-rw-r--r--nand-utils/nandflipbits.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/nand-utils/nandflipbits.c b/nand-utils/nandflipbits.c
index 7066408..a417189 100644
--- a/nand-utils/nandflipbits.c
+++ b/nand-utils/nandflipbits.c
@@ -251,7 +251,7 @@ int main(int argc, char **argv)
bufoffs += mtd.min_io_size;
ret = mtd_read_oob(mtd_desc, &mtd, fd,
- bit_to_flip->block * mtd.eb_size +
+ (unsigned long long)bit_to_flip->block * mtd.eb_size +
blkoffs,
mtd.oob_size, buffer + bufoffs);
if (ret) {