[PATCH] fs/erofs: fix an integer overflow in symlink resolution
Jonathan Bar Or
jonathanbaror at gmail.com
Thu Feb 13 01:17:38 AEDT 2025
This is good, but may I suggest using __builtin_add_overflow instead?
Jonathan
On Wed, Feb 12, 2025, 1:31 AM Gao Xiang <hsiangkao at linux.alibaba.com> wrote:
> See the original report [1], otherwise len + 1 will overflow.
>
> Note that an EROFS archive can record arbitrary symlink sizes in principle,
> so we don't assume a short number like 4096.
>
> [1] https://lore.kernel.org/r/20250210164151.GN1233568@bill-the-cat
> Fixes: 830613f8f5bb ("fs/erofs: add erofs filesystem support")
> Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
> ---
> fs/erofs/fs.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/erofs/fs.c b/fs/erofs/fs.c
> index 7bd2e8fcfc..64a6c8cad8 100644
> --- a/fs/erofs/fs.c
> +++ b/fs/erofs/fs.c
> @@ -63,6 +63,9 @@ static int erofs_readlink(struct erofs_inode *vi)
> char *target;
> int err;
>
> + if (len >= SIZE_MAX)
> + return -EFSCORRUPTED;
> +
> target = malloc(len + 1);
> if (!target)
> return -ENOMEM;
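Review bot: the new `len >= SIZE_MAX` test only protects `malloc(len + 1)` if `len` is as wide as size_t, and the declaration of `len` is outside this hunk, so that cannot be confirmed from the lines shown. If `len` is a narrower unsigned type, the test can never be true and `len + 1` can still wrap to 0 before it is widened for malloc. Consider computing the allocation size into a size_t variable with a checked add (the `__builtin_add_overflow` suggested in the reply does this regardless of the operand types) and passing that variable to malloc, or at least add a one-line comment saying the guard exists for the `+ 1` terminator byte. Very large lengths that do not wrap still reach malloc and are handled by the existing `-ENOMEM` path, which seems fine given the commit message's point that no small upper bound such as 4096 is assumed.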
> --
> 2.43.5
>
>