| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <396dc03f-b4dd-0644-f50a-18613730845c@ispras.ru>
Date: Wed, 25 Sep 2024 13:38:40 +0300
From: Alexey Khoroshilov <khoroshilov@...ras.ru>
To: Denis Arefev <arefev@...mel.ru>, Miquel Raynal <miquel.raynal@...tlin.com>
Cc: lvc-project@...uxtesting.org, Richard Weinberger <richard@....at>,
linux-mtd@...ts.infradead.org, Vignesh Raghavendra <vigneshr@...com>,
linux-kernel@...r.kernel.org
Subject: Re: [lvc-project] [PATCH] mtd: partitions: redboot: Added conversion
of operands to a larger type
On 10.09.2024 13:11, Denis Arefev wrote:
> The value of an arithmetic expression directory * master->erasesize is
> subject to overflow due to a failure to cast operands to a larger data
> type before perfroming arithmetic
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Denis Arefev <arefev@...mel.ru>
> ---
> drivers/mtd/parsers/redboot.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/parsers/redboot.c b/drivers/mtd/parsers/redboot.c
> index 3b55b676ca6b..c8f7e7b351d7 100644
> --- a/drivers/mtd/parsers/redboot.c
> +++ b/drivers/mtd/parsers/redboot.c
> @@ -92,7 +92,7 @@ static int parse_redboot_partitions(struct mtd_info *master,
> parse_redboot_of(master);
>
> if (directory < 0) {
> - offset = master->size + directory * master->erasesize;
> + offset = master->size + (unsigned long) directory * master->erasesize;
> while (mtd_block_isbad(master, offset)) {
> if (!offset) {
> nogood:
>
I guess the message has been sent by a mistake, the patch is already
upstream 1162bc2f8f5de7da23d18aa4b7fbd4e93c369c50
Powered by blists - more mailing lists