[U-Boot] [PATCH 2/2] mtd: fix Coverity integer handling issue

Miquel Raynal miquel.raynal at bootlin.com
Sun Nov 18 20:11:47 UTC 2018


A Coverity robot reported an integer handling issue
(OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:

    (mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) *
    mtd_oobavail(mtd, ops)

While such overflow will certainly never happen due to the numbers
handled, it is cleaner to fix this operation anyway.

The problem is that all the maths include 32-bit quantities, while the
result is stored in an explicit 64-bit value.

As maxooblen will just be compared with a size_t, let's change the
type of the variable to a size_t. This will not fix anything but will
clarify a bit the situation. Then, do an explicit cast to fix Coverity
warning.

Addresses-Coverity-ID: 184180 ("Integer handling issues")
Signed-off-by: Miquel Raynal <miquel.raynal at bootlin.com>
---
 drivers/mtd/mtdcore.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c
index fb6c779abb..df12535d32 100644
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -1030,13 +1030,13 @@ static int mtd_check_oob_ops(struct mtd_info *mtd, loff_t offs,
 		return -EINVAL;
 
 	if (ops->ooblen) {
-		u64 maxooblen;
+		size_t maxooblen;
 
 		if (ops->ooboffs >= mtd_oobavail(mtd, ops))
 			return -EINVAL;
 
-		maxooblen = ((mtd_div_by_ws(mtd->size, mtd) -
-			      mtd_div_by_ws(offs, mtd)) *
+		maxooblen = ((size_t)(mtd_div_by_ws(mtd->size, mtd) -
+				      mtd_div_by_ws(offs, mtd)) *
 			     mtd_oobavail(mtd, ops)) - ops->ooboffs;
 		if (ops->ooblen > maxooblen)
 			return -EINVAL;
-- 
2.17.1



More information about the U-Boot mailing list