diff options
author | Sean Anderson <sean.anderson@seco.com> | 2021-05-27 12:02:34 -0400 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2021-06-01 16:48:54 -0400 |
commit | 89be8e31ccd1c53b010385ed0807eb00f0eec06a (patch) | |
tree | 376f13956ee8596593a158d5d65c07b3a6daf1af | |
parent | d8729a114e1e98806cffb87d2dca895f99a0170a (diff) | |
download | u-boot-89be8e31ccd1c53b010385ed0807eb00f0eec06a.zip u-boot-89be8e31ccd1c53b010385ed0807eb00f0eec06a.tar.gz u-boot-89be8e31ccd1c53b010385ed0807eb00f0eec06a.tar.bz2 |
fastboot: Fix overflow when calculating chunk sizeWIP/01Jun2021
If a chunk was larger than 4GiB, then chunk_data_sz would overflow and
blkcnt would not be calculated correctly. Upgrade it to a u64 and cast
its multiplicands as well. Also fix bytes_written while we're at it.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
-rw-r--r-- | lib/image-sparse.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/lib/image-sparse.c b/lib/image-sparse.c index 187ac28..d80fdbb 100644 --- a/lib/image-sparse.c +++ b/lib/image-sparse.c @@ -55,10 +55,10 @@ int write_sparse_image(struct sparse_storage *info, lbaint_t blk; lbaint_t blkcnt; lbaint_t blks; - uint32_t bytes_written = 0; + uint64_t bytes_written = 0; unsigned int chunk; unsigned int offset; - unsigned int chunk_data_sz; + uint64_t chunk_data_sz; uint32_t *fill_buf = NULL; uint32_t fill_val; sparse_header_t *sparse_header; @@ -132,8 +132,8 @@ int write_sparse_image(struct sparse_storage *info, sizeof(chunk_header_t)); } - chunk_data_sz = sparse_header->blk_sz * chunk_header->chunk_sz; - blkcnt = chunk_data_sz / info->blksz; + chunk_data_sz = ((u64)sparse_header->blk_sz) * chunk_header->chunk_sz; + blkcnt = DIV_ROUND_UP_ULL(chunk_data_sz, info->blksz); switch (chunk_header->chunk_type) { case CHUNK_TYPE_RAW: if (chunk_header->total_sz != @@ -162,7 +162,7 @@ int write_sparse_image(struct sparse_storage *info, return -1; } blk += blks; - bytes_written += blkcnt * info->blksz; + bytes_written += ((u64)blkcnt) * info->blksz; total_blocks += chunk_header->chunk_sz; data += chunk_data_sz; break; @@ -222,8 +222,9 @@ int write_sparse_image(struct sparse_storage *info, blk += blks; i += j; } - bytes_written += blkcnt * info->blksz; - total_blocks += chunk_data_sz / sparse_header->blk_sz; + bytes_written += ((u64)blkcnt) * info->blksz; + total_blocks += DIV_ROUND_UP_ULL(chunk_data_sz, + sparse_header->blk_sz); free(fill_buf); break; @@ -253,7 +254,7 @@ int write_sparse_image(struct sparse_storage *info, debug("Wrote %d blocks, expected to write %d blocks\n", total_blocks, sparse_header->total_blks); - printf("........ wrote %u bytes to '%s'\n", bytes_written, part_name); + printf("........ wrote %llu bytes to '%s'\n", bytes_written, part_name); if (total_blocks != sparse_header->total_blks) { info->mssg("sparse image write failure", response); |