From 78f4f38bd3de8b5c590cbc09ce43812306207d95 Mon Sep 17 00:00:00 2001 From: Anton Moryakov Date: Sat, 14 Dec 2024 15:31:05 +0300 Subject: ubi-utils: Fix integer overflow in mtdinfo.c Report of the static analyzer: The value of an arithmetic expression 'reginfo->offset + i * reginfo->erasesize' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic Corrections explained: Added casting i and start to unsigned long long Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov Reviewed-by: Zhihao Cheng Signed-off-by: David Oberhollenzer --- ubi-utils/mtdinfo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ubi-utils/mtdinfo.c b/ubi-utils/mtdinfo.c index 7dff0de..12d35eb 100644 --- a/ubi-utils/mtdinfo.c +++ b/ubi-utils/mtdinfo.c @@ -185,7 +185,7 @@ static void print_ubi_info(const struct mtd_info *mtd_info, static void print_region_map(const struct mtd_dev_info *mtd, int fd, const region_info_t *reginfo) { - unsigned long start; + unsigned long long start; int i, width; int ret_locked, errno_locked, ret_bad, errno_bad; @@ -203,7 +203,7 @@ static void print_region_map(const struct mtd_dev_info *mtd, int fd, ret_locked = ret_bad = errno_locked = errno_bad = 0; for (i = 0; i < reginfo->numblocks; ++i) { - start = reginfo->offset + i * reginfo->erasesize; + start = reginfo->offset + (unsigned long long)i * reginfo->erasesize; printf(" %*i: %08lx ", width, i, start); if (ret_locked != -1) { -- cgit v1.2.3