From 78f4f38bd3de8b5c590cbc09ce43812306207d95 Mon Sep 17 00:00:00 2001
From: Anton Moryakov <ant.v.moryakov@gmail.com>
Date: Sat, 14 Dec 2024 15:31:05 +0300
Subject: ubi-utils: Fix integer overflow in mtdinfo.c

Report of the static analyzer:
The value of an arithmetic expression 'reginfo->offset + i * reginfo->erasesize' is a subject to overflow
because its operands are not cast to a larger data type before performing arithmetic

Corrections explained:
Added casting i and start to unsigned long long

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 ubi-utils/mtdinfo.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ubi-utils/mtdinfo.c b/ubi-utils/mtdinfo.c
index 7dff0de..12d35eb 100644
--- a/ubi-utils/mtdinfo.c
+++ b/ubi-utils/mtdinfo.c
@@ -185,7 +185,7 @@ static void print_ubi_info(const struct mtd_info *mtd_info,
 static void print_region_map(const struct mtd_dev_info *mtd, int fd,
 			     const region_info_t *reginfo)
 {
-	unsigned long start;
+	unsigned long long start;
 	int i, width;
 	int ret_locked, errno_locked, ret_bad, errno_bad;
 
@@ -203,7 +203,7 @@ static void print_region_map(const struct mtd_dev_info *mtd, int fd,
 		ret_locked = ret_bad = errno_locked = errno_bad = 0;
 
 	for (i = 0; i < reginfo->numblocks; ++i) {
-		start = reginfo->offset + i * reginfo->erasesize;
+		start = reginfo->offset + (unsigned long long)i * reginfo->erasesize;
 		printf(" %*i: %08lx ", width, i, start);
 
 		if (ret_locked != -1) {
-- 
cgit v1.2.3