[PATCH 6.6 111/262] mtd: fix possible integer overflow in erase_xfer()