[PATCH 2/2] erofs-utils: fsck: fix segmentation fault for crafted image extract

Guo Xuenan guoxuenan at huawei.com
Wed May 31 17:26:12 AEST 2023


In a crafted erofs image, extracting files may lead to fsck.erofs
memory access out of bounds.
Actually, there is already interception in the code, but it only
takes effect in debug mode; change it to avoid that.

Signed-off-by: Guo Xuenan <guoxuenan at huawei.com>
---
 lib/decompress.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/decompress.c b/lib/decompress.c
index 8d1b25d..59a9ca0 100644
--- a/lib/decompress.c
+++ b/lib/decompress.c
@@ -138,8 +138,12 @@ int z_erofs_decompress(struct z_erofs_decompress_req *rq)
 		if (rq->inputsize > erofs_blksiz())
 			return -EFSCORRUPTED;
 
-		DBG_BUGON(rq->decodedlength > erofs_blksiz());
-		DBG_BUGON(rq->decodedlength < rq->decodedskip);
+		if (rq->decodedlength > erofs_blksiz())
+			return -EFSCORRUPTED;
+
+		if (rq->decodedlength < rq->decodedskip)
+			return -EFSCORRUPTED;
+
 		count = rq->decodedlength - rq->decodedskip;
 		skip = erofs_blkoff(rq->interlaced_offset + rq->decodedskip);
 		rightpart = min(erofs_blksiz() - skip, count);
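Review bot: The two added checks return a bare -EFSCORRUPTED with no message, so when fsck stops on a crafted image the user cannot tell which of `rq->decodedlength > erofs_blksiz()` or `rq->decodedlength < rq->decodedskip` fired; consider logging the offending values before returning. Both conditions return the same code and could be folded into one `if` with `||`, in the style of the `rq->inputsize` check just above. It would also help to say in the commit message that `count` and `rightpart` are computed directly from these fields, which is why an unchecked `decodedlength` smaller than `decodedskip` makes `count` wrong, and to attach or reference a reproducer image so the fix can be regression-tested.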
-- 
2.31.1


