nand-utils: Fix integer overflow in nandflipbits.c

Report of the static analyzer:
The value of an arithmetic expression 'bit_to_flip->block * mtd.eb_size + blkoffs' is a subject to overflow because its operands are not cast to a larger data type before performing arith$

Corrections explained:
Prevent arithmetic overflow in OOB read operation
Resolved an issue where the calculation of the offset in the OOB read operation could overflow due to operands not being cast to a larger data type. Specifically, the multiplication of bi$

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

diff --git a/nand-utils/nandflipbits.c b/nand-utils/nandflipbits.c
index 7066408e6c62a47f59b5c9a1de44167b0de51b91..a4171893fc6077fb00cc78e2bb4aedbe06427980 100644 (file)
--- a/nand-utils/nandflipbits.c
+++ b/nand-utils/nandflipbits.c
@@ -251,7 +251,7 @@ int main(int argc, char **argv)
                        bufoffs += mtd.min_io_size;
 
                        ret = mtd_read_oob(mtd_desc, &mtd, fd,
-                                          bit_to_flip->block * mtd.eb_size +
+                                          (unsigned long long)bit_to_flip->block * mtd.eb_size +
                                           blkoffs,
                                           mtd.oob_size, buffer + bufoffs);
                        if (ret) {