[PATCH] erofs-utils: avoid silent corruption caused by `c_root_xattr_isize`

Wed Nov 27 20:28:25 AEDT 2024

When `c_root_xattr_isize` is too large, `i_xattr_icount` will overflow,
resulting in silent corruption of the filesystem image. This patch performs
checks in advance and reports errors.

Fixes: 8f93c2f83962 ("erofs-utils: mkfs: support inline xattr reservation for rootdirs")
Signed-off-by: Hongzhen Luo <hongzhen at linux.alibaba.com>
---
 lib/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/inode.c b/lib/inode.c
index f553becb0be0..e2888a439484 100644
--- a/lib/inode.c
+++ b/lib/inode.c
@@ -1717,6 +1717,12 @@ static int erofs_mkfs_dump_tree(struct erofs_inode *root, bool rebuild,
 		list_del(&root->i_hash);
 		erofs_insert_ihash(root);
 	} else if (cfg.c_root_xattr_isize) {
+		if (cfg.c_root_xattr_isize > EROFS_XATTR_ALIGN(
+				UINT16_MAX - sizeof(struct erofs_xattr_entry))) {
+			erofs_err("Invalid configuration for c_root_xattr_isize: %u (too large)",
+				  cfg.c_root_xattr_isize);
+			return -EINVAL;
+		}
 		root->xattr_isize = cfg.c_root_xattr_isize;
 	}
 
-- 
2.43.5

