[PATCH] erofs-utils: fsck: check symlink size before allocation
Vansh Choudhary
ch at vnsh.in
Sun Mar 22 05:36:38 AEDT 2026
erofs_extract_symlink() uses inode->i_size to allocate a buffer for
the symlink target and then appends a trailing NUL byte.
Reject symlink sizes larger than SIZE_MAX - 1 before allocating the
buffer so malformed images cannot overflow the allocation size.
Return -EOVERFLOW for this case and keep the existing extraction flow
unchanged otherwise.
Signed-off-by: Vansh Choudhary <ch at vnsh.in>
---
fsck/main.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fsck/main.c b/fsck/main.c
index 16a354f..1254112 100644
--- a/fsck/main.c
+++ b/fsck/main.c
@@ -4,6 +4,7 @@
* Author: Daeho Jeong <daehojeong at google.com>
*/
#include <stdlib.h>
+#include <stdint.h>
#include <getopt.h>
#include <time.h>
#include <utime.h>
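Review bot: `<stdint.h>` covers `SIZE_MAX`, but the second hunk also formats with `PRIu64`, which comes from `<inttypes.h>`; unless fsck/main.c already includes that header somewhere outside this hunk, add `#include <inttypes.h>` next to the new `<stdint.h>` line so the build does not depend on a transitive include.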
@@ -794,6 +795,13 @@ static inline int erofs_extract_symlink(struct erofs_inode *inode)
if (ret)
return ret;
+ if (inode->i_size > SIZE_MAX - 1) {
+ erofs_err("symlink size %" PRIu64 " is too large @ nid %llu",
+ inode->i_size, inode->nid | 0ULL);
+ ret = -EOVERFLOW;
+ goto out;
+ }
+
buf = malloc(inode->i_size + 1);
if (!buf) {
ret = -ENOMEM;
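Review bot: the new error path does `goto out` before `buf` is assigned, and the `out` label is not visible in this hunk; please confirm that `out` exists in erofs_extract_symlink() and that it does not `free(buf)` or otherwise touch a value that is uninitialized at this point (initialising `buf = NULL` at declaration, if it is not already, would make the jump safe regardless). The check itself correctly prevents `inode->i_size + 1` from wrapping in `malloc(inode->i_size + 1)`, since `i_size > SIZE_MAX - 1` is exactly the condition under which the addition overflows `size_t`; note that it only guards the arithmetic, so an image declaring a symlink just under `SIZE_MAX` bytes still reaches `malloc()` and is rejected only by the existing `-ENOMEM` branch, which is acceptable if that is the intended behaviour and worth a sentence in the commit message.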
--
2.43.0