mtd: diskonchip: Cast an operand to prevent potential overflow

There may be a potential integer overflow issue in inftl_partscan().
parts[0].size is defined as "uint64_t"  while mtd->erasesize and
ip->firstUnit are defined as 32-bit unsigned integer. The result of
the calculation will be limited to 32 bits without correct casting.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>

diff --git a/drivers/mtd/nand/raw/diskonchip.c b/drivers/mtd/nand/raw/diskonchip.c
index 8db7fc424571116abb467def163d2f1725c49b9f..70d6c2250f32c8f0c5a1046c6cd3ae9e00df1a9f 100644 (file)
--- a/drivers/mtd/nand/raw/diskonchip.c
+++ b/drivers/mtd/nand/raw/diskonchip.c
@@ -1098,7 +1098,7 @@ static inline int __init inftl_partscan(struct mtd_info *mtd, struct mtd_partiti
                    (i == 0) && (ip->firstUnit > 0)) {
                        parts[0].name = " DiskOnChip IPL / Media Header partition";
                        parts[0].offset = 0;
-                       parts[0].size = mtd->erasesize * ip->firstUnit;
+                       parts[0].size = (uint64_t)mtd->erasesize * ip->firstUnit;
                        numparts = 1;
                }