From patchwork Sat Dec 14 12:18:35 2024
X-Patchwork-Submitter: Anton Moryakov
X-Patchwork-Id: 2023287
X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
From: Anton Moryakov
To: chengzhihao1@huawei.com, linux-mtd@lists.infradead.org
Cc: Anton Moryakov
Subject: [PATCH mtd-utils] nand-utils: Fix integer overflow in nandflipbits.c
Date: Sat, 14 Dec 2024 15:18:35 +0300
Message-Id: <20241214121835.69687-1-ant.v.moryakov@gmail.com>

Report of the static analyzer:
The value of an arithmetic expression 'bit_to_flip->block * mtd.eb_size + blkoffs' is a subject to overflow because its operands are not cast to a larger data type before performing arith$

Corrections explained:
Prevent arithmetic overflow in OOB read operation

Resolved an issue where the calculation of the offset in the OOB read operation could overflow due to operands not being cast to a larger data type. Specifically, the multiplication of bi$

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov
Reviewed-by: Zhihao Cheng
--- nand-utils/nandflipbits.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nand-utils/nandflipbits.c b/nand-utils/nandflipbits.c index 7066408..ef663c6 100644 --- a/nand-utils/nandflipbits.c 
+++ b/nand-utils/nandflipbits.c @@ -251,7 +251,7 @@ int main(int argc, char **argv) bufoffs += mtd.min_io_size; ret = mtd_read_oob(mtd_desc, &mtd, fd, - bit_to_flip->block * mtd.eb_size + + (unsigned long long)bit_to_flip->block * mtd.eb_size + blkoffs, mtd.oob_size, buffer + bufoffs); if (ret) {
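
Review bot: in the `mtd_read_oob()` offset argument, prefer computing the offset once into a 64-bit local over casting inline, for example `unsigned long long offs = (unsigned long long)bit_to_flip->block * mtd.eb_size + blkoffs;`. Any other read or write in `main()` that uses the same block-times-`mtd.eb_size` product would then share the widened value instead of keeping the narrow arithmetic, which would leave the data and OOB accesses pointing at different offsets for large block numbers. The cast sits on the left operand of the multiply, so the product is evaluated in 64 bits, but that only helps if the offset parameter of `mtd_read_oob()` is itself a 64-bit type; the hunk does not show its prototype, so that is worth confirming. The commit message should also carry the full analyzer text, since two of its lines are cut off at `$`.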