hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

mtd: nand_bbt: fix theoretical integer overflow in BBT write 

This statement was written with a cast-to-loff_t to be sure to have a
full 64-bit mask. However, we don't account for the fact that
'1 << this->bbt_erase_shift' might already overflow.

This will not be a problem in practice, since eraseblocks should never
be anywhere near 4GiB. But we can do this for completeness, and quiet
Coverity in the meantime. CID #1226806.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
This commit is contained in:
Brian Norris 2015-02-28 02:13:13 -08:00
parent 83c59542d0
commit f5cd2ae1e4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/mtd/nand/nand_bbt.c
View File

@ -719,7 +719,7 @@ static int write_bbt(struct mtd_info *mtd, uint8_t *buf,
/* Must we save the block contents? */
if (td->options & NAND_BBT_SAVECONTENT) {
/* Make it block aligned */
to &= ~((loff_t)((1 << this->bbt_erase_shift) - 1));
to &= ~(((loff_t)1 << this->bbt_erase_shift) - 1);
len = 1 << this->bbt_erase_shift;
res = mtd_read(mtd, to, len, &retlen, buf);
if (res < 0) {