From patchwork Thu Nov 11 06:31:41 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brian Norris X-Patchwork-Id: 70777 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from canuck.infradead.org (canuck.infradead.org [134.117.69.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 2DA28B7112 for ; Thu, 11 Nov 2010 17:44:39 +1100 (EST) Received: from localhost ([127.0.0.1] helo=canuck.infradead.org) by canuck.infradead.org with esmtp (Exim 4.72 #1 (Red Hat Linux)) id 1PGQmn-0004p5-KA; Thu, 11 Nov 2010 06:37:29 +0000 Received: from mms2.broadcom.com ([216.31.210.18]) by canuck.infradead.org with esmtp (Exim 4.72 #1 (Red Hat Linux)) id 1PGQmh-0004om-Kl for linux-mtd@lists.infradead.org; Thu, 11 Nov 2010 06:37:24 +0000 Received: from [10.9.200.131] by mms2.broadcom.com with ESMTP (Broadcom SMTP Relay (Email Firewall v6.3.2)); Wed, 10 Nov 2010 22:37:12 -0800 X-Server-Uuid: D3C04415-6FA8-4F2C-93C1-920E106A2031 Received: from mail-irva-12.broadcom.com (10.11.16.101) by IRVEXCHHUB01.corp.ad.broadcom.com (10.9.200.131) with Microsoft SMTP Server id 8.2.247.2; Wed, 10 Nov 2010 22:37:12 -0800 Received: from localhost.localdomain (ld-irv-0074.broadcom.com [10.12.160.50]) by mail-irva-12.broadcom.com (Postfix) with ESMTP id 7C51469CAB; Wed, 10 Nov 2010 22:37:12 -0800 (PST) From: "Brian Norris" To: linux-mtd@lists.infradead.org Subject: [PATCH v2 08/10] mtd-utils: nandwrite: prevent 32-bit overflow Date: Wed, 10 Nov 2010 22:31:41 -0800 Message-ID: <1289457101-24040-1-git-send-email-computersforpeace@gmail.com> X-Mailer: git-send-email 1.7.0.4 In-Reply-To: References: MIME-Version: 1.0 X-WSS-ID: 60C550920C01875464-01-01 X-CRM114-Version: 20090807-BlameThorstenAndJenny ( TRE 0.7.6 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20101111_013723_916515_FF5B39BF X-CRM114-Status: GOOD ( 12.99 ) X-Spam-Score: 1.2 (+) X-Spam-Report: SpamAssassin version 3.3.1 on canuck.infradead.org summary: Content analysis details: (1.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is freemail (computersforpeace[at]gmail.com) 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list 0.0 T_TO_NO_BRKTS_FREEMAIL T_TO_NO_BRKTS_FREEMAIL Cc: Brian Norris , David Woodhouse , Mike Frysinger , Artem Bityutskiy X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org For large block- and page-sizes, the multiplication of ebsize_aligned and pagelen can overflow a 32-bit integer. This overflow can be prevented by a simple change in order of operations (i.e., do division first). Since ebsize_aligned is always a multiple of mtd.min_io_size, this produces no change in results. Signed-off-by: Brian Norris --- nandwrite.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) diff --git a/nandwrite.c b/nandwrite.c index 8ec5afe..aea7572 100644 --- a/nandwrite.c +++ b/nandwrite.c @@ -440,8 +440,13 @@ int main(int argc, char * const argv[]) goto closeall; } - // Allocate a buffer big enough to contain all the data (OOB included) for one eraseblock - filebuf_max = pagelen * ebsize_aligned / mtd.min_io_size; + /* + * Allocate a buffer big enough to contain all the data (OOB included) + * for one eraseblock. The order of operations here matters; if ebsize + * and pagelen are large enough, then "ebsize_aligned * pagelen" could + * overflow a 32-bit data type. + */ + filebuf_max = ebsize_aligned / mtd.min_io_size * pagelen; filebuf = xmalloc(filebuf_max); erase_buffer(filebuf, filebuf_max);