[riot-notifications] [RIOT-OS/RIOT] drivers/mtd: Prevent potential heap overflow (#16816)

benpicco notifications at github.com
Tue Sep 7 09:15:54 CEST 2021


@benpicco commented on this pull request.



>      const uint32_t sector_size = mtd->pages_per_sector * mtd->page_size;
 
     /* copy sector to RAM */
-    res = mtd_read_page(mtd, work, sector_page, 0, sector_size);
+    res = mtd_read_page(mtd, work, page, 0, sector_size);
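
Review bot: On the `+` line, starting the read at `page` instead of `sector_page` means the `sector_size` bytes copied into `work` begin mid-sector whenever `page` is not a multiple of `mtd->pages_per_sector`. The buffer then no longer holds what the "copy sector to RAM" comment promises, and the read extends past the end of that sector. Keep the sector-aligned start (`sector_page`); if the goal is to bound the copy, shorten the length rather than move the start. The hunk also does not show that `work` holds at least `sector_size` bytes, and an explicit check for that before the read would address the overflow named in the PR title more directly.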

This is integer arithmetic. `sector = page / mtd->pages_per_sector` will calculate which sector the page belongs to, e.g. if you have 

    page = 23;
    pages_per_sector = 8;

Then `sector` will be `23/8 = 2`. This is then used to calculate the start page of the sector: `2 * 8 = 16`.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/16816#discussion_r703242979
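
The alignment arithmetic from the comment above, as an added C example that is not RIOT's code and not part of the original thread: it rounds a page down to its sector start, shows that a sector-sized read from an unaligned page overlaps two sectors, and runs a read-modify-write against a simulated flash. The geometry, the `DEMO_*` constants and all four function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Constructed geometry for illustration, not a real device. */
#define DEMO_PAGE_SIZE        4u
#define DEMO_PAGES_PER_SECTOR 8u
#define DEMO_SECTORS          4u
#define DEMO_SECTOR_SIZE      (DEMO_PAGE_SIZE * DEMO_PAGES_PER_SECTOR)
static uint8_t flash[DEMO_SECTORS * DEMO_SECTOR_SIZE]; /* simulated flash */

/* First page of the sector containing `page`; integer division rounds down. */
uint32_t sector_start_page(uint32_t page)
{
    return (page / DEMO_PAGES_PER_SECTOR) * DEMO_PAGES_PER_SECTOR;
}

/* How many sectors a sector-sized read beginning at start_page overlaps. */
uint32_t sectors_touched(uint32_t start_page)
{
    return (start_page + DEMO_PAGES_PER_SECTOR - 1) / DEMO_PAGES_PER_SECTOR
           - start_page / DEMO_PAGES_PER_SECTOR + 1;
}

/* Hypothetical read-modify-write: buffer the sector, patch one page, erase, write back. */
int write_page_rmw(uint32_t page, const uint8_t *data, uint8_t *work, size_t work_len)
{
    if (work_len < DEMO_SECTOR_SIZE || page >= DEMO_SECTORS * DEMO_PAGES_PER_SECTOR) {
        return -1; /* work buffer too small or page out of range */
    }
    uint32_t first = sector_start_page(page);
    uint8_t *sector = &flash[first * DEMO_PAGE_SIZE];
    memcpy(work, sector, DEMO_SECTOR_SIZE);                               /* copy sector to RAM */
    memcpy(work + (page - first) * DEMO_PAGE_SIZE, data, DEMO_PAGE_SIZE); /* patch the page */
    memset(sector, 0xFF, DEMO_SECTOR_SIZE);                               /* erase */
    memcpy(sector, work, DEMO_SECTOR_SIZE);                               /* write back */
    return 0;
}

/* Writes `page` over a known pattern; returns bytes changed outside that page, or -1. */
int bytes_changed_outside(uint32_t page)
{
    uint8_t work[DEMO_SECTOR_SIZE], data[DEMO_PAGE_SIZE];
    int changed = 0;
    for (size_t i = 0; i < sizeof(flash); i++) { flash[i] = (uint8_t)(i & 0x7F); }
    memset(data, 0xAA, sizeof(data));
    if (write_page_rmw(page, data, work, sizeof(work)) != 0) { return -1; }
    for (size_t i = 0; i < sizeof(flash); i++) {
        if (i / DEMO_PAGE_SIZE != page && flash[i] != (uint8_t)(i & 0x7F)) { changed++; }
    }
    return changed;
}
```

With the values from the comment (`page = 23`, `pages_per_sector = 8`), the aligned start is page 16, while a sector-sized read starting at page 23 would overlap sectors 2 and 3.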