From 36d1ba9ba75e45da5ff049f4a4bec4ea576a9689 Mon Sep 17 00:00:00 2001
From: Anton Moryakov <ant.v.moryakov@gmail.com>
Date: Tue, 10 Dec 2024 03:07:26 +0300
Subject: ubi-utils: ubirsvol: Fix integer overflow in ubirsvol.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Report of the static analyzer:
The value of an arithmetic expression 'vol_info.leb_size * args.lebs' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic

Corrections explained:
The fix ensures values ​​are checked before multiplication.
Added casting vol_info.leb_size to long long

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 ubi-utils/ubirsvol.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ubi-utils/ubirsvol.c b/ubi-utils/ubirsvol.c
index 0854abc..73d2f68 100644
--- a/ubi-utils/ubirsvol.c
+++ b/ubi-utils/ubirsvol.c
@@ -231,7 +231,7 @@ int main(int argc, char * const argv[])
 	}
 
 	if (args.lebs != -1)
-		args.bytes = vol_info.leb_size * args.lebs;
+		args.bytes = (long long)vol_info.leb_size * args.lebs;
 
 	err = ubi_rsvol(libubi, args.node, args.vol_id, args.bytes);
 	if (err) {
-- 
cgit v1.2.3