[PATCH] erofs-utils: fsck: check symlink size before allocation
Nithurshen
nithurshen.dev at gmail.com
Mon Mar 23 14:32:04 AEDT 2026
Hi Xiang,
This patch LGTM.
I manually verified this by compiling with `-O0 -g` on macOS (arm64)
and using lldb for fault injection. I stepped through
erofs_extract_symlink() and allowed erofs_verify_inode_data() to pass
with normal metadata. Right before the buffer allocation, I artificially
inflated inode->i_size to 0xffffffffffffffff (SIZE_MAX).
Without the patch, bypassing the OS read limits with this size causes
a predictable heap buffer overflow and an EXC_BAD_ACCESS crash. With
the patch applied, the bounds check successfully catches the malformed
size, gracefully bails out with -EOVERFLOW, and prevents the memory
corruption.
Tested-by: Nithurshen <nithurshen.dev at gmail.com>
Reviewed-by: Nithurshen <nithurshen.dev at gmail.com>
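The failure mode described above (an inflated i_size wrapping the allocation size, versus a bounds check that bails out with -EOVERFLOW before allocating) as an added illustration in C; this is not the erofs-utils patch itself, and the SYMLINK_MAX_LEN limit and function names are assumptions:

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed upper bound on a symlink target length; the real limit used by
 * erofs-utils is not shown in the message, so this value is an assumption. */
#define SYMLINK_MAX_LEN 4096u

/* Length that an unchecked `malloc(i_size + 1)` would actually request.
 * Returns 0 for i_size == SIZE_MAX because the addition wraps, which is how
 * a later read of i_size bytes into that buffer becomes a heap overflow. */
static size_t unchecked_alloc_len(uint64_t i_size)
{
	return (size_t)i_size + 1;
}

/*
 * Allocate a NUL-terminated buffer for a symlink target of i_size bytes.
 * Returns 0 and sets *buf on success, -EOVERFLOW when i_size is not a
 * plausible symlink length, or -ENOMEM if malloc() fails. The check runs
 * before any arithmetic on i_size, so the wrap above can never happen.
 */
static int alloc_symlink_buf(uint64_t i_size, char **buf)
{
	*buf = NULL;
	/* Treat an oversized length as corrupted metadata and refuse it. */
	if (i_size > SYMLINK_MAX_LEN)
		return -EOVERFLOW;
	*buf = malloc((size_t)i_size + 1);
	if (!*buf)
		return -ENOMEM;
	(*buf)[i_size] = '\0';
	return 0;
}
```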