The value of an arithmetic expression '(reserved_sct + fat_size_sct) *
sector_size_bytes'
is a subject to overflow because its operands are not cast to a larger data
type before
perfoming arithmetic.
Found by RASU JSC with SVACE.
Signed-off-by: Maks Mishin <maks.mishi...@gmail.com>
---
util-linux/volume_id/fat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util-linux/volume_id/fat.c b/util-linux/volume_id/fat.c
index fe3750880..5454b0ca9 100644
--- a/util-linux/volume_id/fat.c
+++ b/util-linux/volume_id/fat.c
@@ -251,7 +251,7 @@ int FAST_FUNC volume_id_probe_vfat(struct volume_id *id
/*,uint64_t fat_partitio
goto fat32;
/* the label may be an attribute in the root directory */
- root_start_off = (reserved_sct + fat_size_sct) * sector_size_bytes;
+ root_start_off = ((uint64_t)reserved_sct + (uint64_t)fat_size_sct) *
(uint64_t)sector_size_bytes;
dbg("root dir start 0x%llx", (unsigned long long) root_start_off);
dbg("expected entries 0x%x", dir_entries);
--
2.34.1
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
