[PATCH] erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
Gao Xiang
hsiangkao at linux.alibaba.com
Thu Apr 9 22:14:46 AEST 2026
On 2026/4/9 19:49, Junrui Luo wrote:
> On Thu, Apr 09, 2026 at 06:56:42PM +0800, Gao Xiang wrote:
>> Can you share your initial crafted image binary
>> with `gzip -9 | base64` encoding here?
>
> $ gzip -9 < /tmp/erofs-test/test.erofs | base64
> H4sIAJGR12kCA+3SPUoDQRgG4MkmkkZk8QRbRFIIi9hbpEjrHQI5ghfwCN5BLCzTGtLbBI+gdilS
> Jo1CnIm7GEXFxhT6PDDwfrs73/ywIQD/1ePD4r7Ou6ETsrq4mu7XcWfj++Pb58nJU/9iPNtbjhan
> 04/9GtX4qVYc814WDqt6FaX5s+ZwXXeq52lndT6IuVvlblytLMvh4Gzwaf90nsvz2DF/21+20T/l
> dgp5s1jXRaN4t/8izsy/OUB6e/Qa79r+JwAAAAAAAL52vQVuGQAAAP6+my1wywAAAAAAAADwu14A
> TsEYtgBQAAA=
>
> In QEMU:
> $ mount -t erofs -o cache_strategy=disabled test.erofs /mnt
> $ dd if=/mnt/data of=/dev/null bs=4096 count=1
>
>> I think the proper place to fix this is in
>> z_erofs_map_sanity_check().
>
> I will resend with the check in
> z_erofs_map_sanity_check() instead if the reproducer is acceptable.
It's not a very trivial fix without having some more
understanding of EROFS compression codebase, I will
add your `Repored-by:` and try to tidy up the related
code.
Thanks,
Gao Xiang
>
> Thanks,
> Junrui Luo
More information about the Linux-erofs
mailing list