[PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0

Gao Xiang Mon, 19 Aug 2019 03:36:17 -0700

As reported by erofs-utils fuzzer, Lookback distance should
be a positive number, so it should be actually looked back
rather than spinning.


Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter")
Cc: <sta...@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxian...@huawei.com>
---
 drivers/staging/erofs/zmap.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/staging/erofs/zmap.c b/drivers/staging/erofs/zmap.c
index 7408e86823a4..774dacbc5b32 100644
--- a/drivers/staging/erofs/zmap.c
+++ b/drivers/staging/erofs/zmap.c
@@ -350,6 +350,12 @@ static int vle_extent_lookback(struct z_erofs_maprecorder 
*m,
 
        switch (m->type) {
        case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD:
+               if (unlikely(!m->delta[0])) {
+                       errln("invalid lookback distance 0 at nid %llu",
+                             vi->nid);
+                       DBG_BUGON(1);
+                       return -EFSCORRUPTED;
+               }
                return vle_extent_lookback(m, m->delta[0]);
        case Z_EROFS_VLE_CLUSTER_TYPE_PLAIN:
                map->m_flags &= ~EROFS_MAP_ZIPPED;
-- 
2.17.1

_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

[PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0

Reply via email to