mirror/android_kernel_fxtec_sm6115
3
0
Fork 0
mirror of https://github.com/LineageOS/android_kernel_fxtec_sm6115.git synced 2026-04-05 12:53:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
558ff67c233c19e545e5f95580c83919355dae33
android_kernel_fxtec_sm6115/drivers
History
Ivan Stepchenko 558ff67c23 mtd: fix possible integer overflow in erase_xfer() 
[ Upstream commit 9358bdb9f9f54d94ceafc650deffefd737d19fdd ]

The expression '1 << EraseUnitSize' is evaluated in int, which causes
a negative result when shifting by 31 - the upper bound of the valid
range [10, 31], enforced by scan_header(). This leads to incorrect
extension when storing the result in 'erase->len' (uint64_t), producing
a large unexpected value.

Found by Linux Verification Center (linuxtesting.org) with Svace.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Ivan Stepchenko <sid@itb.spb.ru>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Ulrich Hecht <uli@kernel.org>
2025-09-16 13:55:11 +02:00
..
accessibility
acpi
amba
android
ata
atm
auxdisplay
base
bcma
block
bluetooth
bus
cdrom
char
clk
clocksource
connector
cpufreq
cpuidle
crypto
crypto: marvell/cesa - Fix engine load inaccuracy
2025-09-16 13:55:11 +02:00
dax
dca
devfreq
dio
dma
dmaengine: nbpfaxi: Fix memory corruption in probe()
2025-09-16 13:55:08 +02:00
dma-buf
edac
eisa
extcon
firewire
firmware
fmc
fpga
fsi
gnss
gpio
gpu
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
2025-09-16 13:55:11 +02:00
hid
HID: core: do not bypass hid_hw_raw_request
2025-09-16 13:55:08 +02:00
hsi
hv
hwmon
hwspinlock
hwtracing
i2c
i2c: qup: jump out of the loop in case of timeout
2025-09-16 13:55:10 +02:00
ide
idle
iio
iio: adc: max1363: Reorder mode_list[] entries
2025-09-16 13:55:08 +02:00
infiniband
RDMA/core: Rate limit GID cache warning messages
2025-09-16 13:55:09 +02:00
input
Input: xpad - set correct controller type for Acer NGR200
2025-09-16 13:55:08 +02:00
iommu
ipack
irqchip
isdn
leds
lightnvm
macintosh
mailbox
mcb
md
media
memory
memstick
memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
2025-09-16 13:55:08 +02:00
message
mfd
misc
Revert "vmci: Prevent the dispatching of uninitialized payloads"
2025-09-16 13:55:10 +02:00
mmc
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
2025-09-16 13:55:08 +02:00
mtd
mtd: fix possible integer overflow in erase_xfer()
2025-09-16 13:55:11 +02:00
mux
net
vrf: Drop existing dst reference in vrf_ip6_input_dst
2025-09-16 13:55:11 +02:00
nfc
ntb
nubus
nvdimm
nvme
nvmem
of
opp
oprofile
parisc
parport
pci
PCI: rockchip-host: Fix "Unexpected Completion" log message
2025-09-16 13:55:11 +02:00
pcmcia
perf
phy
pinctrl
platform
pnp
power
power: supply: bq24190_charger: Fix runtime PM imbalance on error
2025-09-16 13:55:09 +02:00
powercap
pps
pps: fix poll support
2025-09-16 13:55:10 +02:00
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc
reset
rpmsg
rtc
s390
sbus
scsi
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
2025-08-18 09:18:13 +02:00
sfi
sh
siox
slimbus
sn
soc
soundwire
spi
spmi
ssb
staging
staging: nvec: Fix incorrect null termination of battery manufacturer
2025-09-16 13:55:10 +02:00
target
tc
tee
thermal
thunderbolt
tty
pch_uart: Fix dma_sync_sg_for_device() nents value
2025-09-16 13:55:08 +02:00
uio
usb
usb: early: xhci-dbc: Fix early_ioremap leak
2025-09-16 13:55:10 +02:00
uwb
vfio
vhost
video
virt
virtio
visorbus
vlynq
vme
w1
watchdog
xen
zorro
Kconfig
Makefile