[PATCH 6.16 311/627] mtd: fix possible integer overflow in erase_xfer()