The value of an arithmetic expression directory * master->erasesize is
subject to overflow due to a failure to cast operands to a larger data
type before perfroming arithmetic

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Denis Arefev <arefev@swemel.ru>
---
 drivers/mtd/parsers/redboot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mtd/parsers/redboot.c b/drivers/mtd/parsers/redboot.c
index 3b55b676ca6b..c8f7e7b351d7 100644
--- a/drivers/mtd/parsers/redboot.c
+++ b/drivers/mtd/parsers/redboot.c
@@ -92,7 +92,7 @@ static int parse_redboot_partitions(struct mtd_info *master,
 	parse_redboot_of(master);
 
 	if (directory < 0) {
-		offset = master->size + directory * master->erasesize;
+		offset = master->size + (unsigned long) directory * master->erasesize;
 		while (mtd_block_isbad(master, offset)) {
 			if (!offset) {
 nogood:
-- 
2.25.1

On 10.09.2024 13:11, Denis Arefev wrote:
> The value of an arithmetic expression directory * master->erasesize is
> subject to overflow due to a failure to cast operands to a larger data
> type before perfroming arithmetic
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Denis Arefev <arefev@swemel.ru>
> ---
>  drivers/mtd/parsers/redboot.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/mtd/parsers/redboot.c b/drivers/mtd/parsers/redboot.c
> index 3b55b676ca6b..c8f7e7b351d7 100644
> --- a/drivers/mtd/parsers/redboot.c
> +++ b/drivers/mtd/parsers/redboot.c
> @@ -92,7 +92,7 @@ static int parse_redboot_partitions(struct mtd_info *master,
>  	parse_redboot_of(master);
>  
>  	if (directory < 0) {
> -		offset = master->size + directory * master->erasesize;
> +		offset = master->size + (unsigned long) directory * master->erasesize;
>  		while (mtd_block_isbad(master, offset)) {
>  			if (!offset) {
>  nogood:
> 

I guess the message has been sent by a mistake, the patch is already
upstream 1162bc2f8f5de7da23d18aa4b7fbd4e93c369c50