<p dir="ltr">This is good, but may I suggest using __builtin_add_overflow instead?</p>
<p dir="ltr">Jonathan</p>
<br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, Feb 12, 2025, 1:31 AM Gao Xiang <<a href="mailto:hsiangkao@linux.alibaba.com">hsiangkao@linux.alibaba.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">See the original report [1], otherwise len + 1 will be overflowed.<br>
<br>
Note that EROFS archive can record arbitary symlink sizes in principle,<br>
so we don't assume a short number like 4096.<br>
<br>
[1] <a href="https://lore.kernel.org/r/20250210164151.GN1233568@bill-the-cat" rel="noreferrer noreferrer" target="_blank">https://lore.kernel.org/r/20250210164151.GN1233568@bill-the-cat</a><br>
Fixes: 830613f8f5bb ("fs/erofs: add erofs filesystem support")<br>
Signed-off-by: Gao Xiang <<a href="mailto:hsiangkao@linux.alibaba.com" target="_blank" rel="noreferrer">hsiangkao@linux.alibaba.com</a>><br>
---<br>
 fs/erofs/fs.c | 3 +++<br>
 1 file changed, 3 insertions(+)<br>
<br>
diff --git a/fs/erofs/fs.c b/fs/erofs/fs.c<br>
index 7bd2e8fcfc..64a6c8cad8 100644<br>
--- a/fs/erofs/fs.c<br>
+++ b/fs/erofs/fs.c<br>
@@ -63,6 +63,9 @@ static int erofs_readlink(struct erofs_inode *vi)<br>
        char *target;<br>
        int err;<br>
<br>
+       if (len >= SIZE_MAX)<br>
+               return -EFSCORRUPTED;<br>
+<br>
        target = malloc(len + 1);<br>
        if (!target)<br>
                return -ENOMEM;<br>
-- <br>
2.43.5<br>
<br>
</blockquote></div>