Patchwork [MTD-UTILS] BUG: ubiformat fails on big partitions (>4Gio)

Submitter Richard Genoud
Date Sept. 12, 2012, 2:37 p.m.
Message ID <1347460639-3241-1-git-send-email-richard.genoud@gmail.com>
Permalink /patch/183390/
State Accepted
Commit 1d73b5ef185b10f44afb73b91c960c9e9e6d2bf6

Comments

Richard Genoud - Sept. 12, 2012, 2:37 p.m.
The offset (which is 64bits when mtd-utils are not compiled with
WITHOUT_LARGEFILE) is calculated like that:
offset = nb * size;
But nb and size are int, so on 32bits platforms, there's a possible
overflow.

So, it should be replaced with:
offset = (off_t)nb * size;
If WITHOUT_LARGEFILE is defined, there will still be an overflow, but it's
what we want, right?

Cheney Chen tested an ubiformat on a NAND (5.9 GiB mtd part).

Reported-by: Cheney Chen <cheneychencl2012@gmail.com>
Tested-by: Cheney Chen <cheneychencl2012@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
---
 ubi-utils/libubigen.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
Artem Bityutskiy - Sept. 25, 2012, 2:05 p.m.
On Wed, 2012-09-12 at 16:37 +0200, Richard Genoud wrote:
> The offset (which is 64bits when mtd-utils are not compiled with
> WITHOUT_LARGEFILE) is calculated like that:
> offset = nb * size;
> But nb and size are int, so on 32bits platforms, there's a possible
> overflow.

Pushed to mtd-utils.git, thanks!
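
The truncation described in the commit message above, as an added example that is not part of the patch or of mtd-utils: it compares the 32-bit product with the widened one and adds a range check. The function names, the 128 KiB PEB size and the PEB numbers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch arithmetic: both operands are int, so the product is computed
 * in 32 bits and only then widened for the assignment. Signed overflow is
 * undefined in C, so the wrap is modelled with unsigned arithmetic to show
 * the value a typical two's-complement target produces. */
static int64_t offset_int_math(int peb, int peb_size)
{
	uint32_t wrapped = (uint32_t)peb * (uint32_t)peb_size;
	return (int64_t)(int32_t)wrapped;
}

/* Patched arithmetic: widen one operand first, so the multiply is 64-bit. */
static int64_t offset_wide_math(int peb, int peb_size)
{
	return (int64_t)peb * peb_size;
}

/* Hypothetical checked variant: stores the offset and returns 0, or returns
 * -1 when an input is negative or the product exceeds max_off, the largest
 * value the build's off_t can hold (INT32_MAX without large-file support). */
static int peb_offset_checked(int peb, int peb_size, int64_t max_off,
			      int64_t *out)
{
	if (peb < 0 || peb_size <= 0)
		return -1;
	/* Two non-negative ints multiplied in 64 bits cannot overflow. */
	int64_t off = (int64_t)peb * peb_size;
	if (off > max_off)
		return -1;
	*out = off;
	return 0;
}

int main(void)
{
	int peb_size = 128 * 1024;	/* constructed PEB size */
	int peb = 40000;		/* constructed PEB number, about 4.9 GiB in */
	int64_t off;

	printf("int math:  %lld\n", (long long)offset_int_math(peb, peb_size));
	printf("wide math: %lld\n", (long long)offset_wide_math(peb, peb_size));
	if (peb_offset_checked(peb, peb_size, INT32_MAX, &off) != 0)
		printf("32-bit off_t: offset does not fit, refuse to seek\n");
	return 0;
}
```
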

Patch

diff --git a/ubi-utils/libubigen.c b/ubi-utils/libubigen.c
index 9eaa7f5..d2a949b 100644
--- a/ubi-utils/libubigen.c
+++ b/ubi-utils/libubigen.c
@@ -279,7 +279,7 @@  int ubigen_write_layout_vol(const struct ubigen_info *ui, int peb1, int peb2,
 	memset(outbuf + ui->data_offs + ui->vtbl_size, 0xFF,
 	       ui->peb_size - ui->data_offs - ui->vtbl_size);
 
-	seek = peb1 * ui->peb_size;
+	seek = (off_t) peb1 * ui->peb_size;
 	if (lseek(fd, seek, SEEK_SET) != seek) {
 		sys_errmsg("cannot seek output file");
 		goto out_free;
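Review bot: at `seek = (off_t) peb1 * ui->peb_size;` the cast only helps when off_t is 64 bits wide. In a WITHOUT_LARGEFILE build the multiplication is still done in a 32-bit signed type, and signed overflow is undefined behaviour in C rather than a defined wrap, so "it's what we want" from the commit message does not hold there. The following `lseek(fd, seek, SEEK_SET) != seek` test cannot catch it either, because both sides use the same truncated value. Suggest checking before the multiply that peb1 is non-negative and that the product fits in off_t, and failing with an error message instead of seeking to a wrapped offset.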
@@ -293,7 +293,7 @@  int ubigen_write_layout_vol(const struct ubigen_info *ui, int peb1, int peb2,
 		goto out_free;
 	}
 
-	seek = peb2 * ui->peb_size;
+	seek = (off_t) peb2 * ui->peb_size;
 	if (lseek(fd, seek, SEEK_SET) != seek) {
 		sys_errmsg("cannot seek output file");
 		goto out_free;
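Review bot: `seek = (off_t) peb2 * ui->peb_size;` repeats the cast from the peb1 hunk, so correct widening depends on every seek site remembering it. Suggest a small helper in libubigen.c that takes ui and the PEB number and returns the byte offset as off_t, used at both sites, with a one-line comment saying why the operand is widened before the multiply. Minor style point: the commit message writes the cast as `(off_t)nb * size` with no space, while both hunks use `(off_t) peb`; pick one form.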