authorSean Anderson <sean.anderson@seco.com>2021-05-27 12:02:34 -0400
committerTom Rini <trini@konsulko.com>2021-06-01 16:48:54 -0400
commit89be8e31ccd1c53b010385ed0807eb00f0eec06a (patch)
tree376f13956ee8596593a158d5d65c07b3a6daf1af
parentd8729a114e1e98806cffb87d2dca895f99a0170a (diff)
fastboot: Fix overflow when calculating chunk size
If a chunk was larger than 4GiB, then chunk_data_sz would overflow and blkcnt would not be calculated correctly. Upgrade it to a u64 and cast its multiplicands as well. Also fix bytes_written while we're at it. Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Heiko Schocher <hs@denx.de>
-rw-r--r--lib/image-sparse.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/lib/image-sparse.c b/lib/image-sparse.c
index 187ac28cd3..d80fdbbf58 100644
--- a/lib/image-sparse.c
+++ b/lib/image-sparse.c
@@ -55,10 +55,10 @@ int write_sparse_image(struct sparse_storage *info,
lbaint_t blk;
lbaint_t blkcnt;
lbaint_t blks;
- uint32_t bytes_written = 0;
+ uint64_t bytes_written = 0;
unsigned int chunk;
unsigned int offset;
- unsigned int chunk_data_sz;
+ uint64_t chunk_data_sz;
uint32_t *fill_buf = NULL;
uint32_t fill_val;
sparse_header_t *sparse_header;
@@ -132,8 +132,8 @@ int write_sparse_image(struct sparse_storage *info,
sizeof(chunk_header_t));
}
- chunk_data_sz = sparse_header->blk_sz * chunk_header->chunk_sz;
- blkcnt = chunk_data_sz / info->blksz;
+ chunk_data_sz = ((u64)sparse_header->blk_sz) * chunk_header->chunk_sz;
+ blkcnt = DIV_ROUND_UP_ULL(chunk_data_sz, info->blksz);
switch (chunk_header->chunk_type) {
case CHUNK_TYPE_RAW:
if (chunk_header->total_sz !=
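Review bot: The widened product on the `chunk_data_sz` line is narrowed again when it is stored in `blkcnt`, which the first hunk shows is declared `lbaint_t`. If `lbaint_t` is 32 bits on a given build (not visible here), a large enough chunk would again produce a wrapped block count from header fields the image supplies. A range check before the assignment would close that, e.g. `if (DIV_ROUND_UP_ULL(chunk_data_sz, info->blksz) > (lbaint_t)~0ULL) return -1;`, reported the same way the function reports its other failures. The switch from truncating division to `DIV_ROUND_UP_ULL` is also a behaviour change that the commit message does not mention. If an earlier check in `write_sparse_image` guarantees that `blk_sz` is a multiple of `info->blksz`, a comment such as `/* blk_sz is a multiple of info->blksz, so this never rounds */` would record it; the function body continues outside this hunk.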
@@ -162,7 +162,7 @@ int write_sparse_image(struct sparse_storage *info,
return -1;
}
blk += blks;
- bytes_written += blkcnt * info->blksz;
+ bytes_written += ((u64)blkcnt) * info->blksz;
total_blocks += chunk_header->chunk_sz;
data += chunk_data_sz;
break;
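Review bot: `data += chunk_data_sz` now advances the input pointer by a 64-bit value computed from image-supplied header fields, and nothing in this hunk bounds it against the end of the received buffer. On a 32-bit target the offset cannot be represented in the pointer at all. Unless the download length is checked elsewhere (the function body extends beyond this hunk), add a guard before the write that compares `chunk_data_sz` with the bytes remaining in the buffer. A comment should state where that length comes from.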
@@ -222,8 +222,9 @@ int write_sparse_image(struct sparse_storage *info,
blk += blks;
i += j;
}
- bytes_written += blkcnt * info->blksz;
- total_blocks += chunk_data_sz / sparse_header->blk_sz;
+ bytes_written += ((u64)blkcnt) * info->blksz;
+ total_blocks += DIV_ROUND_UP_ULL(chunk_data_sz,
+ sparse_header->blk_sz);
free(fill_buf);
break;
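Review bot: `DIV_ROUND_UP_ULL(chunk_data_sz, sparse_header->blk_sz)` divides a product by one of its own factors, so for a non-zero `blk_sz` it can only give back `chunk_header->chunk_sz`. It divides by zero if `blk_sz` is zero and no earlier header validation rejects that, which is not visible in this hunk. The RAW case already uses `total_blocks += chunk_header->chunk_sz;`, and the same line here would be consistent and drop the 64-bit division. The enclosing case starts above this hunk.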
@@ -253,7 +254,7 @@ int write_sparse_image(struct sparse_storage *info,
debug("Wrote %d blocks, expected to write %d blocks\n",
total_blocks, sparse_header->total_blks);
- printf("........ wrote %u bytes to '%s'\n", bytes_written, part_name);
+ printf("........ wrote %llu bytes to '%s'\n", bytes_written, part_name);
if (total_blocks != sparse_header->total_blks) {
info->mssg("sparse image write failure", response);
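Review bot: `%llu` is passed a `uint64_t` on the changed `printf` line, which matches only where `uint64_t` is `unsigned long long`. If a build takes the type from the compiler's `<stdint.h>`, it may be `unsigned long` and the format no longer matches. Casting at the call site removes the dependency: `printf("........ wrote %llu bytes to '%s'\n", (unsigned long long)bytes_written, part_name);`. The `debug()` call just above prints `total_blocks` and `sparse_header->total_blks` with `%d`; if those are unsigned 32-bit values, `%u` would be the matching specifier.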