[PATCH 6.12 015/114] mtd: diskonchip: Cast an operand to prevent potential overflow

30 Dec 2024

6.12-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Zichen Xie zichenxie0106@gmail.com
commit 9b458e8be0d13e81ed03fffa23f8f9b528bbd786 upstream.
There may be a potential integer overflow issue in inftl_partscan().
parts[0].size is defined as "uint64_t"  while mtd->erasesize and
ip->firstUnit are defined as 32-bit unsigned integer. The result of
the calculation will be limited to 32 bits without correct casting.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Zichen Xie zichenxie0106@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 drivers/mtd/nand/raw/diskonchip.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mtd/nand/raw/diskonchip.c
+++ b/drivers/mtd/nand/raw/diskonchip.c
@@ -1098,7 +1098,7 @@ static inline int __init inftl_partscan(
    	    (i == 0) && (ip->firstUnit > 0)) {
    		parts[0].name = " DiskOnChip IPL / Media Header partition";
    		parts[0].offset = 0;
-			parts[0].size = mtd->erasesize * ip->firstUnit;
+			parts[0].size = (uint64_t)mtd->erasesize * ip->firstUnit;
    		numparts = 1;
    	}

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 6.12 015/114] mtd: diskonchip: Cast an operand to prevent potential overflow