Message ID | 20241207141855.240376-1-ant.v.moryakov@gmail.com |
---|---|
State | Superseded |
Delegated to: | David Oberhollenzer |
From | Anton Moryakov <ant.v.moryakov@gmail.com> |
To | linux-mtd@lists.infradead.org |
Subject | [PATCH mtd-utils] ubi-utils: ubirsvol: Fix integer overflow in ubirsvol.c |
Date | Sat, 7 Dec 2024 17:18:55 +0300 |
Series | [mtd-utils] ubi-utils: ubirsvol: Fix integer overflow in ubirsvol.c |
diff --git a/ubi-utils/ubirsvol.c b/ubi-utils/ubirsvol.c index 0854abc..87286d4 100644 --- a/ubi-utils/ubirsvol.c +++ b/ubi-utils/ubirsvol.c @@ -230,8 +230,10 @@ int main(int argc, char * const argv[]) } } - if (args.lebs != -1) - args.bytes = vol_info.leb_size * args.lebs; + if (args.lebs != -1){ + if(vol_info.leb_size > 0 && args.lebs > 0) + args.bytes = (long long)vol_info.leb_size * args.lebs; + } err = ubi_rsvol(libubi, args.node, args.vol_id, args.bytes); if (err) {
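Review bot: The inner guard `if(vol_info.leb_size > 0 && args.lebs > 0)` turns a zero or negative `args.lebs` (other than -1), or a non-positive `vol_info.leb_size`, into a silent no-op: `args.bytes` keeps whatever value it held before, and the `ubi_rsvol(libubi, args.node, args.vol_id, args.bytes)` call that follows still runs. Reject those values with an error message and a failure exit instead of skipping the assignment, so that a bad LEB count cannot resize the volume to an unintended size. The `(long long)` cast is what answers the analyzer's report about unwidened operands, but it only helps if `args.bytes` is itself at least `long long`, which these lines do not show; the commit message should say so. Style: write `if (args.lebs != -1) {` and `if (vol_info.leb_size > 0 ...` with the spacing used by the `if (err) {` in the context line.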
Report of the static analyzer:
The value of an arithmetic expression 'vol_info.leb_size * args.lebs' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic

Corrections explained:
The fix ensures values are checked before multiplication. An exception check for the negativity of vol_info.leb_size and args.lebs was added, as well as casting vol_info.leb_size to long long.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
---
 ubi-utils/ubirsvol.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)