From cf3b826cac649caac853bc319b19be133372166f Mon Sep 17 00:00:00 2001 From: Anton Moryakov Date: Wed, 11 Dec 2024 17:04:03 +0300 Subject: misc-utils: flash_erase: FIX integer overflow in flash_erase.c Report of the static analyzer: The value of an arithmetic expression 'eb_cnt * mtd.eb_size' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic Corrections explained: Added explicit casting of eb_cnt to long long in the condition if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size) to ensure the multiplication is performed in a 64-bit context, preventing potential overflow for large values of eb_cnt and mtd.eb_size. This ensures correct handling of devices with large block counts or block sizes. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov Reviewed-by: Zhihao Cheng Signed-off-by: David Oberhollenzer --- misc-utils/flash_erase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'misc-utils/flash_erase.c') diff --git a/misc-utils/flash_erase.c b/misc-utils/flash_erase.c index c6f6f66..36f8d57 100644 --- a/misc-utils/flash_erase.c +++ b/misc-utils/flash_erase.c @@ -239,7 +239,7 @@ int main(int argc, char *argv[]) if (eb_cnt == 0) eb_cnt = (mtd.size / mtd.eb_size) - eb_start; - if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size) + if (eb_start == 0 && mtd.size == (long long)eb_cnt * mtd.eb_size) erase_chip = true; /* If MTD device may have bad eraseblocks, -- cgit v1.2.3