[PATCH] erofs-utils: lib: validate inode offset bounds in erofs_read_inode_from_disk()
Gao Xiang
hsiangkao at linux.alibaba.com
Thu Mar 5 10:45:48 AEDT 2026
On 2026/3/5 02:21, Utkal Singh wrote:
> A crafted EROFS image can contain an out-of-range node ID in directory
> entries or the superblock root_nid that causes erofs_iloc() to compute
> an inode offset beyond the image size. This leads to out-of-bounds
> reads in erofs_read_metabuf(), potentially crashing fsck.erofs,
> erofsfuse, or dump.erofs.
Do you have a reproducible image?
I think in that way, erofs_io_read or something should fail
instead; we don't need such a check against
sbi->primarydevice_blocks.