lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mtd: tests: fix integer overflow issues

Browse Source 
These multiplications are done with 32-bit arithmetic, then converted to
64-bit. We should widen the integers first to prevent overflow. This
could be a problem for large (>4GB) MTD's.

Detected by Coverity.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
This commit is contained in:
Brian Norris 2014-07-21 19:07:12 -07:00
parent 8c3f3f1d79
commit 1001ff7a4f
7 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/mtd/tests/mtd_test.c
View File

@ -10,7 +10,7 @@ int mtdtest_erase_eraseblock(struct mtd_info *mtd, unsigned int ebnum)
{ {
int err; int err;
struct erase_info ei; struct erase_info ei;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
memset(&ei, 0, sizeof(struct erase_info)); memset(&ei, 0, sizeof(struct erase_info));
ei.mtd = mtd; ei.mtd = mtd;
@ -33,7 +33,7 @@ int mtdtest_erase_eraseblock(struct mtd_info *mtd, unsigned int ebnum)
static int is_block_bad(struct mtd_info *mtd, unsigned int ebnum) static int is_block_bad(struct mtd_info *mtd, unsigned int ebnum)
{ {
int ret; int ret;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
ret = mtd_block_isbad(mtd, addr); ret = mtd_block_isbad(mtd, addr);
if (ret) if (ret)

2
drivers/mtd/tests/nandbiterrs.c
View File

@ -364,7 +364,7 @@ static int __init mtd_nandbiterrs_init(void)
pr_info("Device uses %d subpages of %d bytes\n", subcount, subsize); pr_info("Device uses %d subpages of %d bytes\n", subcount, subsize);
offset = page_offset * mtd->writesize; offset = (loff_t)page_offset * mtd->writesize;
eraseblock = mtd_div_by_eb(offset, mtd); eraseblock = mtd_div_by_eb(offset, mtd);
pr_info("Using page=%u, offset=%llu, eraseblock=%u\n", pr_info("Using page=%u, offset=%llu, eraseblock=%u\n",

8
drivers/mtd/tests/oobtest.c
View File

@ -120,7 +120,7 @@ static int verify_eraseblock(int ebnum)
int i; int i;
struct mtd_oob_ops ops; struct mtd_oob_ops ops;
int err = 0; int err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
prandom_bytes_state(&rnd_state, writebuf, use_len_max * pgcnt); prandom_bytes_state(&rnd_state, writebuf, use_len_max * pgcnt);
for (i = 0; i < pgcnt; ++i, addr += mtd->writesize) { for (i = 0; i < pgcnt; ++i, addr += mtd->writesize) {
@ -214,7 +214,7 @@ static int verify_eraseblock_in_one_go(int ebnum)
{ {
struct mtd_oob_ops ops; struct mtd_oob_ops ops;
int err = 0; int err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
size_t len = mtd->ecclayout->oobavail * pgcnt; size_t len = mtd->ecclayout->oobavail * pgcnt;
prandom_bytes_state(&rnd_state, writebuf, len); prandom_bytes_state(&rnd_state, writebuf, len);
@ -568,7 +568,7 @@ static int __init mtd_oobtest_init(void)
size_t sz = mtd->ecclayout->oobavail; size_t sz = mtd->ecclayout->oobavail;
if (bbt[i] || bbt[i + 1]) if (bbt[i] || bbt[i + 1])
continue; continue;
addr = (i + 1) * mtd->erasesize - mtd->writesize; addr = (loff_t)(i + 1) * mtd->erasesize - mtd->writesize;
prandom_bytes_state(&rnd_state, writebuf, sz * cnt); prandom_bytes_state(&rnd_state, writebuf, sz * cnt);
for (pg = 0; pg < cnt; ++pg) { for (pg = 0; pg < cnt; ++pg) {
ops.mode = MTD_OPS_AUTO_OOB; ops.mode = MTD_OPS_AUTO_OOB;
@ -598,7 +598,7 @@ static int __init mtd_oobtest_init(void)
continue; continue;
prandom_bytes_state(&rnd_state, writebuf, prandom_bytes_state(&rnd_state, writebuf,
mtd->ecclayout->oobavail * 2); mtd->ecclayout->oobavail * 2);
addr = (i + 1) * mtd->erasesize - mtd->writesize; addr = (loff_t)(i + 1) * mtd->erasesize - mtd->writesize;
ops.mode = MTD_OPS_AUTO_OOB; ops.mode = MTD_OPS_AUTO_OOB;
ops.len = 0; ops.len = 0;
ops.retlen = 0; ops.retlen = 0;

4
drivers/mtd/tests/pagetest.c
View File

@ -52,7 +52,7 @@ static struct rnd_state rnd_state;
static int write_eraseblock(int ebnum) static int write_eraseblock(int ebnum)
{ {
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
prandom_bytes_state(&rnd_state, writebuf, mtd->erasesize); prandom_bytes_state(&rnd_state, writebuf, mtd->erasesize);
cond_resched(); cond_resched();
@ -64,7 +64,7 @@ static int verify_eraseblock(int ebnum)
uint32_t j; uint32_t j;
int err = 0, i; int err = 0, i;
loff_t addr0, addrn; loff_t addr0, addrn;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
addr0 = 0; addr0 = 0;
for (i = 0; i < ebcnt && bbt[i]; ++i) for (i = 0; i < ebcnt && bbt[i]; ++i)

2
drivers/mtd/tests/readtest.c
View File

@ -47,7 +47,7 @@ static int pgcnt;
static int read_eraseblock_by_page(int ebnum) static int read_eraseblock_by_page(int ebnum)
{ {
int i, ret, err = 0; int i, ret, err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
void *buf = iobuf; void *buf = iobuf;
void *oobbuf = iobuf1; void *oobbuf = iobuf1;

14
drivers/mtd/tests/speedtest.c
View File

@ -55,7 +55,7 @@ static int multiblock_erase(int ebnum, int blocks)
{ {
int err; int err;
struct erase_info ei; struct erase_info ei;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
memset(&ei, 0, sizeof(struct erase_info)); memset(&ei, 0, sizeof(struct erase_info));
ei.mtd = mtd; ei.mtd = mtd;
@ -80,7 +80,7 @@ static int multiblock_erase(int ebnum, int blocks)
static int write_eraseblock(int ebnum) static int write_eraseblock(int ebnum)
{ {
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
return mtdtest_write(mtd, addr, mtd->erasesize, iobuf); return mtdtest_write(mtd, addr, mtd->erasesize, iobuf);
} }
@ -88,7 +88,7 @@ static int write_eraseblock(int ebnum)
static int write_eraseblock_by_page(int ebnum) static int write_eraseblock_by_page(int ebnum)
{ {
int i, err = 0; int i, err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
void *buf = iobuf; void *buf = iobuf;
for (i = 0; i < pgcnt; i++) { for (i = 0; i < pgcnt; i++) {
@ -106,7 +106,7 @@ static int write_eraseblock_by_2pages(int ebnum)
{ {
size_t sz = pgsize * 2; size_t sz = pgsize * 2;
int i, n = pgcnt / 2, err = 0; int i, n = pgcnt / 2, err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
void *buf = iobuf; void *buf = iobuf;
for (i = 0; i < n; i++) { for (i = 0; i < n; i++) {
@ -124,7 +124,7 @@ static int write_eraseblock_by_2pages(int ebnum)
static int read_eraseblock(int ebnum) static int read_eraseblock(int ebnum)
{ {
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
return mtdtest_read(mtd, addr, mtd->erasesize, iobuf); return mtdtest_read(mtd, addr, mtd->erasesize, iobuf);
} }
@ -132,7 +132,7 @@ static int read_eraseblock(int ebnum)
static int read_eraseblock_by_page(int ebnum) static int read_eraseblock_by_page(int ebnum)
{ {
int i, err = 0; int i, err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
void *buf = iobuf; void *buf = iobuf;
for (i = 0; i < pgcnt; i++) { for (i = 0; i < pgcnt; i++) {
@ -150,7 +150,7 @@ static int read_eraseblock_by_2pages(int ebnum)
{ {
size_t sz = pgsize * 2; size_t sz = pgsize * 2;
int i, n = pgcnt / 2, err = 0; int i, n = pgcnt / 2, err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
void *buf = iobuf; void *buf = iobuf;
for (i = 0; i < n; i++) { for (i = 0; i < n; i++) {

10
drivers/mtd/tests/subpagetest.c
View File

@ -57,7 +57,7 @@ static int write_eraseblock(int ebnum)
{ {
size_t written; size_t written;
int err = 0; int err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
prandom_bytes_state(&rnd_state, writebuf, subpgsize); prandom_bytes_state(&rnd_state, writebuf, subpgsize);
err = mtd_write(mtd, addr, subpgsize, &written, writebuf); err = mtd_write(mtd, addr, subpgsize, &written, writebuf);
@ -92,7 +92,7 @@ static int write_eraseblock2(int ebnum)
{ {
size_t written; size_t written;
int err = 0, k; int err = 0, k;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
for (k = 1; k < 33; ++k) { for (k = 1; k < 33; ++k) {
if (addr + (subpgsize * k) > (ebnum + 1) * mtd->erasesize) if (addr + (subpgsize * k) > (ebnum + 1) * mtd->erasesize)
@ -131,7 +131,7 @@ static int verify_eraseblock(int ebnum)
{ {
size_t read; size_t read;
int err = 0; int err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
prandom_bytes_state(&rnd_state, writebuf, subpgsize); prandom_bytes_state(&rnd_state, writebuf, subpgsize);
clear_data(readbuf, subpgsize); clear_data(readbuf, subpgsize);
@ -192,7 +192,7 @@ static int verify_eraseblock2(int ebnum)
{ {
size_t read; size_t read;
int err = 0, k; int err = 0, k;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
for (k = 1; k < 33; ++k) { for (k = 1; k < 33; ++k) {
if (addr + (subpgsize * k) > (ebnum + 1) * mtd->erasesize) if (addr + (subpgsize * k) > (ebnum + 1) * mtd->erasesize)
@ -227,7 +227,7 @@ static int verify_eraseblock_ff(int ebnum)
uint32_t j; uint32_t j;
size_t read; size_t read;
int err = 0; int err = 0;
loff_t addr = ebnum * mtd->erasesize; loff_t addr = (loff_t)ebnum * mtd->erasesize;
memset(writebuf, 0xff, subpgsize); memset(writebuf, 0xff, subpgsize);
for (j = 0; j < mtd->erasesize / subpgsize; ++j) { for (j = 0; j < mtd->erasesize / subpgsize; ++j) {