[PATCH 1/4] erofs: fix incorrect early exits for invalid metabox-enabled images
Hongbo Li
lihongbo22 at huawei.com
Tue Dec 30 00:08:05 AEDT 2025
On 2025/12/29 17:29, Gao Xiang wrote:
> Crafted EROFS images with metadata compression enabled can trigger
> incorrect early returns, leading to folio reference leaks.
>
> However, this does not cause system crashes or other severe issues.
>
> Fixes: 414091322c63 ("erofs: implement metadata compression")
> Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
Reviewed-by: Hongbo Li <lihongbo22 at huawei.com>
Thanks,
Hongbo
> ---
> fs/erofs/super.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/erofs/super.c b/fs/erofs/super.c
> index 937a215f626c..2e4d0ea2ffa1 100644
> --- a/fs/erofs/super.c
> +++ b/fs/erofs/super.c
> @@ -330,12 +330,13 @@ static int erofs_read_superblock(struct super_block *sb)
> }
> sbi->packed_nid = le64_to_cpu(dsb->packed_nid);
> if (erofs_sb_has_metabox(sbi)) {
> + ret = -EFSCORRUPTED;
> if (sbi->sb_size <= offsetof(struct erofs_super_block,
> metabox_nid))
> - return -EFSCORRUPTED;
> + goto out;
> sbi->metabox_nid = le64_to_cpu(dsb->metabox_nid);
> if (sbi->metabox_nid & BIT_ULL(EROFS_DIRENT_NID_METABOX_BIT))
> - return -EFSCORRUPTED; /* self-loop detection */
> + goto out; /* self-loop detection */
> }
> sbi->inos = le64_to_cpu(dsb->inos);
>
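Review bot: In the `erofs_sb_has_metabox(sbi)` block, `ret = -EFSCORRUPTED` is assigned before the two checks and is still set when both checks pass and execution continues to `sbi->inos = le64_to_cpu(dsb->inos);`. The hunk does not show `ret` being reassigned after the block, so please confirm that every later path reaching `out` sets `ret` first. Alternatively, assign it inside each failing branch (`ret = -EFSCORRUPTED; goto out;`), which keeps the error value local to the failure and avoids carrying a stale error code on the success path. A short comment at the first `goto out` saying what the `out` label releases would also tie the change to the folio reference leak named in the commit message.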