[PATCH 6.1 142/253] mtd: fix possible integer overflow in erase_xfer()