[v2,08/10] mtd-utils: nandwrite: prevent 32-bit overflow

Message ID	1289457101-24040-1-git-send-email-computersforpeace@gmail.com
State	Accepted
Commit	a188ff405000902139a46d9e3753cae0e1168d46
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: "Brian Norris" <computersforpeace@gmail.com> To: linux-mtd@lists.infradead.org Subject: [PATCH v2 08/10] mtd-utils: nandwrite: prevent 32-bit overflow Date: Wed, 10 Nov 2010 22:31:41 -0800 Message-ID: <1289457101-24040-1-git-send-email-computersforpeace@gmail.com> In-Reply-To: <AANLkTikCjW=P2ncq7E_4WLJtxzwPdaU4SWi1s-7Us7ZP@mail.gmail.com> References: <AANLkTikCjW=P2ncq7E_4WLJtxzwPdaU4SWi1s-7Us7ZP@mail.gmail.com> MIME-Version: 1.0 summary: Content analysis details: (1.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is freemail (computersforpeace[at]gmail.com) 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list 0.0 T_TO_NO_BRKTS_FREEMAIL T_TO_NO_BRKTS_FREEMAIL Cc: Brian Norris <computersforpeace@gmail.com>, David Woodhouse <dwmw2@infradead.org>, Mike Frysinger <vapier.adi@gmail.com>, Artem Bityutskiy <dedekind1@gmail.com> Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Message ID

1289457101-24040-1-git-send-email-computersforpeace@gmail.com

State

Accepted

Commit

a188ff405000902139a46d9e3753cae0e1168d46

Headers

From: "Brian Norris" <computersforpeace@gmail.com>
To: linux-mtd@lists.infradead.org
Subject: [PATCH v2 08/10] mtd-utils: nandwrite: prevent 32-bit overflow
Date: Wed, 10 Nov 2010 22:31:41 -0800
Message-ID: <1289457101-24040-1-git-send-email-computersforpeace@gmail.com>
In-Reply-To: <AANLkTikCjW=P2ncq7E_4WLJtxzwPdaU4SWi1s-7Us7ZP@mail.gmail.com>
References: <AANLkTikCjW=P2ncq7E_4WLJtxzwPdaU4SWi1s-7Us7ZP@mail.gmail.com>
MIME-Version: 1.0
Cc: Brian Norris <computersforpeace@gmail.com>,
	David Woodhouse <dwmw2@infradead.org>,
	Mike Frysinger <vapier.adi@gmail.com>,
	Artem Bityutskiy <dedekind1@gmail.com>
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: linux-mtd-bounces@lists.infradead.org
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Commit Message

Brian Norris Nov. 11, 2010, 6:31 a.m. UTC

For large block- and page-sizes, the multiplication of ebsize_aligned
and pagelen can overflow a 32-bit integer.  This overflow can be
prevented by a simple change in order of operations (i.e., do division
first).

Since ebsize_aligned is always a multiple of mtd.min_io_size, this
produces no change in results.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
---
 nandwrite.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/nandwrite.c b/nandwrite.c
index 8ec5afe..aea7572 100644
--- a/nandwrite.c
+++ b/nandwrite.c
@@ -440,8 +440,13 @@  int main(int argc, char * const argv[])
 		goto closeall;
 	}
 
-	// Allocate a buffer big enough to contain all the data (OOB included) for one eraseblock
-	filebuf_max = pagelen * ebsize_aligned / mtd.min_io_size;
+	/*
+	 * Allocate a buffer big enough to contain all the data (OOB included)
+	 * for one eraseblock. The order of operations here matters; if ebsize
+	 * and pagelen are large enough, then "ebsize_aligned * pagelen" could
+	 * overflow a 32-bit data type.
+	 */
+	filebuf_max = ebsize_aligned / mtd.min_io_size * pagelen;
 	filebuf = xmalloc(filebuf_max);
 	erase_buffer(filebuf, filebuf_max);

[v2,08/10] mtd-utils: nandwrite: prevent 32-bit overflow

Commit Message

Patch