[PATCH] erofs-utils: lib: fix xattr crash in rebuild path when source has xattr
Gao Xiang
hsiangkao at linux.alibaba.com
Tue Mar 3 02:44:36 AEDT 2026
On 2026/3/2 23:39, Lucas Karpinski wrote:
> On 2026-03-02 10:28 a.m., Gao Xiang wrote:
>> Hi Lucas,
>>
>> On 2026/3/2 23:22, Lucas Karpinski wrote:
>>> On 2026-03-02 8:03 a.m., lishixian wrote:
>>>> When rebuilding from source EROFS images, erofs_read_xattrs_from_disk()
>>>> is called for inodes that have xattr. At that point inode->sbi points to
>>>> the source image's sbi, which is opened read-only and never gets
>>>> erofs_xattr_init(), so sbi->xamgr is NULL. get_xattritem(sbi) then
>>>> dereferences xamgr and crashes with SIGSEGV.
>>>>
>>>> Fix by using the build target's xamgr when initializing src's sbi.
>>>>
>>>> Reported-by: Yixiao Chen <489679970 at qq.com>
>>>> Fixes: https://github.com/erofs/erofs-utils/issues/42
>>>> Signed-off-by: lishixian <lishixian8 at huawei.com>
>>>> Reviewed-by: Yifan Zhao <zhaoyifan28 at huawei.com>
>>>> ---
>>>> lib/rebuild.c | 1 +
>>>> mkfs/main.c | 1 +
>>>> 2 files changed, 2 insertions(+)
>>>>
>>>> diff --git a/lib/rebuild.c b/lib/rebuild.c
>>>> index f89a17c..f1e79c1 100644
>>>> --- a/lib/rebuild.c
>>>> +++ b/lib/rebuild.c
>>>> @@ -437,6 +437,7 @@ int erofs_rebuild_load_tree(struct erofs_inode
>>>> *root, struct erofs_sb_info *sbi,
>>>> erofs_err("failed to read superblock of %s", fsid);
>>>> return ret;
>>>> }
>>>> + sbi->xamgr = g_sbi.xamgr;
>>>> inode.nid = sbi->root_nid;
>>>> inode.sbi = sbi;
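Review bot: The added `sbi->xamgr = g_sbi.xamgr;` in erofs_rebuild_load_tree() makes lib/rebuild.c depend on the global g_sbi even though the function already receives the sbi it works on as a parameter. It also leaves two sbi structures pointing at one xamgr, with nothing at this site saying which of them owns it. Consider having the caller set sbi->xamgr before calling erofs_rebuild_load_tree(), so the library code stays free of the global and the borrow sits next to the code that later undoes it. A short comment on the assignment noting that the pointer is borrowed would also help.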
>>>> diff --git a/mkfs/main.c b/mkfs/main.c
>>>> index b84d1b4..cb0f0cc 100644
>>>> --- a/mkfs/main.c
>>>> +++ b/mkfs/main.c
>>>> @@ -1011,6 +1011,7 @@ static void erofs_rebuild_cleanup(void)
>>>> list_for_each_entry_safe(src, n, &rebuild_src_list, list) {
>>>> list_del(&src->list);
>>>> + src->xamgr = NULL; /* borrowed from g_sbi, do not free */
>>>> erofs_put_super(src);
>>>> erofs_dev_close(src);
>>>> free(src);
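Review bot: The reset `src->xamgr = NULL;` in erofs_rebuild_cleanup() is the only thing keeping erofs_put_super(src) away from the borrowed pointer, and it lives in mkfs/main.c while the assignment it undoes is in lib/rebuild.c. Any other caller of erofs_rebuild_load_tree() that releases the source sbi without this reset would, going by the comment on this line, hand erofs_put_super() a pointer it must not free. Suggest keeping the borrow and the reset in the same layer (both in the caller, or both behind one library helper) so the ownership rule cannot be missed.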
>>>
>>> I was similarly looking at this issue in my patchset so I can confirm it
>>> fixes the seg fault.
>>>
>>> Tested-by: Lucas Karpinski <lkarpinski at nvidia.com>
>>
>> Thanks for this, but as I said to lishixian we shouldn't use
>> global g_sbi in the liberofs anymore.
>>
>> Could we try to assign sbi->xamgr in the caller instead?
>>
>> And
>>
>>> in my patchset
>>
>> Do you have more urgent fixes? I'm about to release
>> erofs-utils 1.9.1 since there are some urgent fixes
>> so fixes would be better to be sent out now.
>>
>> Also I think we should have a basic testcase to cover
>> this, I will try to add one this week.
>>
>> Thanks,
>> Gao Xiang
>>
> Sorry, responded at the same time and didn't get to see your message first.
>
> The rest of my changes are for a new feature implementation, so nothing
> urgent in that regard.

Okay, if you have any questions about rebuilding, feel
free to ask.

Sorry about that, but my own TODO queue is full; I will try to
answer any questions if it helps.

Thanks,
Gao Xiang