From d4710ca5b5105d998e042a77cb66a2a5ac7bafb5 Mon Sep 17 00:00:00 2001 From: Anton Moryakov Date: Sat, 14 Dec 2024 15:18:35 +0300 Subject: nand-utils: Fix integer overflow in nandflipbits.c Report of the static analyzer: The value of an arithmetic expression 'bit_to_flip->block * mtd.eb_size + blkoffs' is a subject to overflow because its operands are not cast to a larger data type before performing arith$ Corrections explained: Prevent arithmetic overflow in OOB read operation Resolved an issue where the calculation of the offset in the OOB read operation could overflow due to operands not being cast to a larger data type. Specifically, the multiplication of bi$ Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov Reviewed-by: Zhihao Cheng Signed-off-by: David Oberhollenzer --- nand-utils/nandflipbits.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nand-utils/nandflipbits.c') diff --git a/nand-utils/nandflipbits.c b/nand-utils/nandflipbits.c index 7066408..a417189 100644 --- a/nand-utils/nandflipbits.c +++ b/nand-utils/nandflipbits.c @@ -251,7 +251,7 @@ int main(int argc, char **argv) bufoffs += mtd.min_io_size; ret = mtd_read_oob(mtd_desc, &mtd, fd, - bit_to_flip->block * mtd.eb_size + + (unsigned long long)bit_to_flip->block * mtd.eb_size + blkoffs, mtd.oob_size, buffer + bufoffs); if (ret) { -- cgit v1.2.3