[PATCH] erofs-utils: fsck: check symlink size before allocation
Gao Xiang
hsiangkao at linux.alibaba.com
Mon Mar 23 14:36:19 AEDT 2026
On 2026/3/23 11:32, Nithurshen wrote:
> Hi Xiang,
>
> This patch LGTM.
>
> I manually verified this by compiling with `-O0 -g` on macOS (arm64)
> and using lldb for fault injection. I stepped through
> erofs_extract_symlink() and allowed erofs_verify_inode_data() to pass
> with normal metadata. Right before the buffer allocation, I artificially
> inflated inode->i_size to 0xffffffffffffffff (SIZE_MAX).
>
> Without the patch, bypassing the OS read limits with this size causes
> a predictable heap buffer overflow and an EXC_BAD_ACCESS crash. With
> the patch applied, the bounds check successfully catches the malformed
> size, gracefully bails out with -EOVERFLOW, and prevents the memory
> corruption.
This patch doesn't look good to me.
I will submit another patch instead.
>
> Tested-by: Nithurshen <nithurshen.dev at gmail.com>
> Reviewed-by: Nithurshen <nithurshen.dev at gmail.com>
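The failure mode Nithurshen describes above, as an added example that is not erofs-utils code and not the patch under discussion: an attacker-controlled symlink i_size is turned into an allocation length, and the unchecked path computes `i_size + 1` for the NUL terminator, which wraps to 0 when i_size is SIZE_MAX, so the heap block is far too small for the copy that follows. The checked path rejects the size with -EOVERFLOW before any allocation. The `i_size + 1` pattern, the PATH_MAX-based bound, the in-memory "image" and the -EIO code for missing data are all assumptions made for this illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Largest symlink target this example accepts.  Assumption: the real tool may
 * pick a different bound, but any bound well below SIZE_MAX removes the wrap. */
#define TOY_SYMLINK_MAX ((uint64_t)PATH_MAX - 1)

/* Unchecked allocation length (assumed pattern): add one byte for the NUL
 * terminator to an untrusted on-disk size.  With i_size == UINT64_MAX the
 * addition wraps to 0, so the caller would get a zero-length heap block and
 * the subsequent copy of i_size bytes runs off the end of it. */
static size_t unchecked_alloc_len(uint64_t i_size)
{
    return (size_t)i_size + 1;
}

/* Checked variant: validate the untrusted size before it reaches malloc().
 * Returns 0 and the allocation length, or -EOVERFLOW for an absurd size. */
static int checked_alloc_len(uint64_t i_size, size_t *out)
{
    if (i_size > TOY_SYMLINK_MAX)
        return -EOVERFLOW;
    *out = (size_t)i_size + 1; /* bounded by PATH_MAX, so this cannot wrap */
    return 0;
}

/* Extracts a symlink target of i_size bytes from a constructed in-memory
 * image after validating the size.  On success *target_out is a malloc'd,
 * NUL-terminated string the caller frees.  -EIO (assumed code) if the image
 * does not actually contain i_size bytes. */
static int extract_symlink_checked(uint64_t i_size, const unsigned char *image,
                                   size_t image_len, char **target_out)
{
    size_t len;
    int ret = checked_alloc_len(i_size, &len);
    if (ret)
        return ret;
    if (i_size > image_len)
        return -EIO;
    char *buf = malloc(len);
    if (!buf)
        return -ENOMEM;
    memcpy(buf, image, (size_t)i_size);
    buf[i_size] = '\0';
    *target_out = buf;
    return 0;
}

/* Round trip on a constructed sane inode: returns 0 when the target is
 * recovered intact, non-zero otherwise. */
static int demo_extract(void)
{
    static const unsigned char image[] = "/etc/passwd"; /* constructed sample */
    char *target = NULL;
    int ret = extract_symlink_checked(11, image, 11, &target);
    if (ret)
        return ret;
    ret = strcmp(target, "/etc/passwd");
    free(target);
    return ret;
}

int main(void)
{
    size_t len;
    printf("unchecked len for SIZE_MAX: %zu\n", unchecked_alloc_len(UINT64_MAX));
    printf("checked  len for SIZE_MAX: %d (-EOVERFLOW=%d)\n",
           checked_alloc_len(UINT64_MAX, &len), -EOVERFLOW);
    printf("round trip on sane inode: %s\n", demo_extract() == 0 ? "ok" : "failed");
    return 0;
}
```

The point of the ordering is that the size is judged against a limit that is meaningful for a symlink (a path cannot exceed PATH_MAX) rather than against what malloc() happens to tolerate, so neither the wrap nor an enormous-but-valid malloc() can be reached from corrupted metadata.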
More information about the Linux-erofs mailing list