misc-utils: flash_erase: FIX integer overflow in flash_erase.c

Report of the static analyzer:
The value of an arithmetic expression 'eb_cnt * mtd.eb_size' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic

Corrections explained:
Added explicit casting of eb_cnt to long long in the condition
if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size)
to ensure the multiplication is performed in a 64-bit context,
preventing potential overflow for large values of eb_cnt and mtd.eb_size.
This ensures correct handling of devices with large block counts or block sizes.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

diff --git a/misc-utils/flash_erase.c b/misc-utils/flash_erase.c
index c6f6f66b7a5a17d15a452d7d6c4d449ed236ebbf..36f8d57cff3aeae6601975121dc5b9ca208b196c 100644 (file)
--- a/misc-utils/flash_erase.c
+++ b/misc-utils/flash_erase.c
@@ -239,7 +239,7 @@ int main(int argc, char *argv[])
        if (eb_cnt == 0)
                eb_cnt = (mtd.size / mtd.eb_size) - eb_start;
 
-       if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size)
+       if (eb_start == 0 && mtd.size == (long long)eb_cnt * mtd.eb_size)
                erase_chip = true;
 
        /* If MTD device may have bad eraseblocks,