From 36d1ba9ba75e45da5ff049f4a4bec4ea576a9689 Mon Sep 17 00:00:00 2001 From: Anton Moryakov Date: Tue, 10 Dec 2024 03:07:26 +0300 Subject: ubi-utils: ubirsvol: Fix integer overflow in ubirsvol.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Report of the static analyzer: The value of an arithmetic expression 'vol_info.leb_size * args.lebs' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic Corrections explained: The fix ensures values ​​are checked before multiplication. Added casting vol_info.leb_size to long long Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov Reviewed-by: Zhihao Cheng Signed-off-by: David Oberhollenzer --- ubi-utils/ubirsvol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ubi-utils/ubirsvol.c') diff --git a/ubi-utils/ubirsvol.c b/ubi-utils/ubirsvol.c index 0854abc..73d2f68 100644 --- a/ubi-utils/ubirsvol.c +++ b/ubi-utils/ubirsvol.c @@ -231,7 +231,7 @@ int main(int argc, char * const argv[]) } if (args.lebs != -1) - args.bytes = vol_info.leb_size * args.lebs; + args.bytes = (long long)vol_info.leb_size * args.lebs; err = ubi_rsvol(libubi, args.node, args.vol_id, args.bytes); if (err) { -- cgit v1.2.3