diff options
| author | Miquel Raynal <miquel.raynal@bootlin.com> | 2018-11-18 23:18:31 +0300 |
|---|---|---|
| committer | Boris Brezillon <boris.brezillon@bootlin.com> | 2018-12-02 11:20:41 +0300 |
| commit | 89f706dbd54faf2da1cb5bea9abc07b00c36ef69 (patch) | |
| tree | 67612e275e1e586cc157656553e28d38c7bbf4d5 /drivers/mtd/mtdcore.c | |
| parent | 4348433d8c0234f44adb6e12112e69343f50f0c5 (diff) | |
| download | linux-89f706dbd54faf2da1cb5bea9abc07b00c36ef69.tar.xz | |
mtd: fix Coverity integer handling issue
A Coverity robot reported an integer handling issue
(OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:
(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) *
mtd_oobavail(mtd, ops)
While such overflow will certainly never happen due to the numbers
handled, it is cleaner to fix this operation anyway.
The problem is that all the maths include 32-bit quantities, while the
result is stored in an explicit 64-bit value.
As maxooblen will just be compared with a size_t, let's change the
type of the variable to a size_t. This will not fix anything but will
clarify a bit the situation. Then, do an explicit cast to fix Coverity
warning.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Diffstat (limited to 'drivers/mtd/mtdcore.c')
| -rw-r--r-- | drivers/mtd/mtdcore.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 97ac219c082e..afb4b17fb670 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -1136,13 +1136,13 @@ static int mtd_check_oob_ops(struct mtd_info *mtd, loff_t offs, return -EINVAL; if (ops->ooblen) { - u64 maxooblen; + size_t maxooblen; if (ops->ooboffs >= mtd_oobavail(mtd, ops)) return -EINVAL; - maxooblen = ((mtd_div_by_ws(mtd->size, mtd) - - mtd_div_by_ws(offs, mtd)) * + maxooblen = ((size_t)(mtd_div_by_ws(mtd->size, mtd) - + mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)) - ops->ooboffs; if (ops->ooblen > maxooblen) return -EINVAL; |