[PATCH] erofs: fix validation in z_erofs_do_map_blocks()

Gao Xiang hsiangkao at linux.alibaba.com
Fri Mar 3 18:09:58 AEDT 2023


Hi Noboru,

On 2023/3/3 14:52, Noboru Asai wrote:
> In case of reading fragment data, map->m_plen is invalid.
> 
> Fixes: c505feba4c0d ("erofs: validate the extent length for uncompressed pclusters")
> Signed-off-by: Noboru Asai <asai at sijam.com>

Thanks for the report and patch!

I've already found this issue and I think it's actually
a misuse of Z_EROFS_VLE_CLUSTER_TYPE_PLAIN for fragment
pclusters in mkfs.erofs.

So I fixed it in erofs-utils:
https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?id=ef74e215647e0d602d5e24039acbcfb18e55e516

Since erofs-utils v1.6 is not released yet, it won't impact
anything at all.

Thanks,
Gao Xiang


> ---
>   fs/erofs/zmap.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c
> index 8bf6d30518b6..902b166a5a5e 100644
> --- a/fs/erofs/zmap.c
> +++ b/fs/erofs/zmap.c
> @@ -572,7 +572,7 @@ static int z_erofs_do_map_blocks(struct inode *inode,
>   	}
>   
>   	if (m.headtype == Z_EROFS_VLE_CLUSTER_TYPE_PLAIN) {
> -		if (map->m_llen > map->m_plen) {
> +		if (!(map->m_flags & EROFS_MAP_FRAGMENT) && (map->m_llen > map->m_plen) {
>   			DBG_BUGON(1);
>   			err = -EFSCORRUPTED;
>   			goto unmap_out;
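
Review bot: the replacement condition on the `+` line has unbalanced parentheses, so fs/erofs/zmap.c will not build as posted: `if (!(map->m_flags & EROFS_MAP_FRAGMENT) && (map->m_llen > map->m_plen) {` opens the outer `if (` and never closes it. Dropping the redundant inner pair fixes it, e.g. `if (!(map->m_flags & EROFS_MAP_FRAGMENT) && map->m_llen > map->m_plen) {`, and the line should be wrapped since it runs well past 80 columns. Because this branch is what returns -EFSCORRUPTED for a PLAIN head cluster whose m_llen exceeds m_plen, the commit message should also say why m_plen is not meaningful when EROFS_MAP_FRAGMENT is set, so it is clear the check is being skipped only where it cannot apply.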

