mtd: partitions: redboot: Added conversion of operands to a larger type

The value of an arithmetic expression directory * master->erasesize is
subject to overflow due to a failure to cast operands to a larger data
type before perfroming arithmetic

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Denis Arefev <arefev@swemel.ru>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20240315093758.20790-1-arefev@swemel.ru

diff --git a/drivers/mtd/parsers/redboot.c b/drivers/mtd/parsers/redboot.c
index a16b42a..3b55b67 100644 (file)
--- a/drivers/mtd/parsers/redboot.c
+++ b/drivers/mtd/parsers/redboot.c
@@ -102,7 +102,7 @@ nogood:
                        offset -= master->erasesize;
                }
        } else {
-               offset = directory * master->erasesize;
+               offset = (unsigned long) directory * master->erasesize;
                while (mtd_block_isbad(master, offset)) {
                        offset += master->erasesize;
                        if (offset == master->size)