libpayload: Fix an integer overflow in USB mass storage

Change-Id: I3d618497016478ea727c520e866d27dbc3ebf9af Signed-off-by: Nico Huber <nico.huber@secunet.com> Reviewed-on: http://review.coreboot.org/1070 Reviewed-by: Mathias Krause <minipli@googlemail.com> Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
2012-05-21 13:59:43 +02:00 · 2012-05-21 13:59:43 +02:00 · c43e736c0c
parent 0421dc84df
commit c43e736c0c
1 changed files with 3 additions and 0 deletions
--- a/payloads/libpayload/drivers/usb/usbmsc.c
+++ b/payloads/libpayload/drivers/usb/usbmsc.c
@ -360,6 +360,9 @@ read_capacity (usbdev_t *dev)
 	}
 	printf ("  %d %d-byte sectors (%d MB)\n", MSC_INST (dev)->numblocks,
 		MSC_INST (dev)->blocksize,
+		/* round down high block counts to avoid integer overflow */
+		MSC_INST (dev)->numblocks > 1000000
+			? (MSC_INST (dev)->numblocks / 1000) * MSC_INST (dev)->blocksize / 1000 :
 		MSC_INST (dev)->numblocks * MSC_INST (dev)->blocksize / 1000 / 1000);
 }