| Message ID | 20190819103426.87579-7-gaoxiang25@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | staging: erofs: first stage of corrupted compressed images | expand |
On 2019-8-19 18:34, Gao Xiang wrote: > As reported by erofs-utils fuzzer, Lookback distance should > be a positive number, so it should be actually looked back > rather than spinning. > > Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter") > Cc: <stable@vger.kernel.org> # 4.19+ > Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Thanks,
diff --git a/drivers/staging/erofs/zmap.c b/drivers/staging/erofs/zmap.c index 7408e86823a4..774dacbc5b32 100644 --- a/drivers/staging/erofs/zmap.c +++ b/drivers/staging/erofs/zmap.c @@ -350,6 +350,12 @@ static int vle_extent_lookback(struct z_erofs_maprecorder *m, switch (m->type) { case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD: + if (unlikely(!m->delta[0])) { + errln("invalid lookback distance 0 at nid %llu", + vi->nid); + DBG_BUGON(1); + return -EFSCORRUPTED; + } return vle_extent_lookback(m, m->delta[0]); case Z_EROFS_VLE_CLUSTER_TYPE_PLAIN: map->m_flags &= ~EROFS_MAP_ZIPPED;
As reported by erofs-utils fuzzer, Lookback distance should be a positive number, so it should be actually looked back rather than spinning. Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter") Cc: <stable@vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> --- drivers/staging/erofs/zmap.c | 6 ++++++ 1 file changed, 6 insertions(+)