On 2024/6/5 06:53, jianqiang wang wrote:
> Hi Das U-Boot developers,

...

> 2. in file fs/erofs/data.c, function z_erofs_read_one_data, the node
> data is read from the storage, however, without a proper check, the
> data can be corrupted. For example, the inode data is used in function
> z_erofs_read_data, map.m_llen will be calculated to a very large
> value, which means the length variable will be very large. It will
> cause a large memory clear with memset(buffer + end - offset, 0,
> length);

Would you mind giving a reproducer or a crafted image to trigger
this? Or is it your pure observation?

Thanks,
Gao Xiang
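
The kind of check the report says is missing before `memset(buffer + end - offset, 0, length)`, as an added example that is not code from this thread or from U-Boot. It assumes `length` comes straight from `map.m_llen`; `struct extent_map`, `zero_fill_checked`, `demo` and the caller-supplied `buflen` are hypothetical names, and the buffer and offsets are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the extent length read from the image
 * (map.m_llen in the report); treated as untrusted input. */
struct extent_map {
	uint64_t m_llen;
};

/* Zero m_llen bytes at buffer + end - offset only if that range lies
 * inside the caller's buffer of buflen bytes; otherwise reject. */
static int zero_fill_checked(unsigned char *buffer, size_t buflen,
			     uint64_t offset, uint64_t end,
			     const struct extent_map *map)
{
	uint64_t start, length = map->m_llen;

	if (end < offset)		/* end - offset would wrap around */
		return -EINVAL;
	start = end - offset;
	if (start > buflen)		/* write would begin past the buffer */
		return -EINVAL;
	if (length > buflen - start)	/* avoids computing start + length, which can overflow */
		return -EINVAL;
	memset(buffer + start, 0, (size_t)length);
	return 0;
}

/* Constructed case: 64-byte buffer for a read at logical offset 4096,
 * hole starting 16 bytes in. Returns bytes zeroed or a negative errno. */
static long demo(uint64_t m_llen)
{
	unsigned char buf[64];
	struct extent_map map = { m_llen };
	long zeroed = 0;
	int ret;

	memset(buf, 0xAA, sizeof(buf));
	ret = zero_fill_checked(buf, sizeof(buf), 4096, 4096 + 16, &map);
	if (ret)
		return ret;
	for (size_t i = 0; i < sizeof(buf); i++)
		zeroed += (buf[i] == 0);
	return zeroed;
}

int main(void) { return demo(48) == 48 ? 0 : 1; }
```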
