erofs: fix incorrect early exits for invalid metabox-enabled images

Crafted EROFS images with metadata compression enabled can trigger
incorrect early returns, leading to folio reference leaks.

However, this does not cause system crashes or other severe issues.

Fixes: 414091322c ("erofs: implement metadata compression")
Cc: stable@kernel.org
Reviewed-by: Hongbo Li <lihongbo22@huawei.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Gao Xiang 2025-12-29 17:29:46 +08:00
parent 9aa64b62a7
commit 643575d5a4

@ -330,12 +330,13 @@ static int erofs_read_superblock(struct super_block *sb)
}
sbi->packed_nid = le64_to_cpu(dsb->packed_nid);
if (erofs_sb_has_metabox(sbi)) {
ret = -EFSCORRUPTED;
if (sbi->sb_size <= offsetof(struct erofs_super_block,
metabox_nid))
return -EFSCORRUPTED;
goto out;
sbi->metabox_nid = le64_to_cpu(dsb->metabox_nid);
if (sbi->metabox_nid & BIT_ULL(EROFS_DIRENT_NID_METABOX_BIT))
return -EFSCORRUPTED; /* self-loop detection */
goto out; /* self-loop detection */
}
sbi->inos = le64_to_cpu(dsb->inos);
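
Review bot: ret is preset to -EFSCORRUPTED at the top of the erofs_sb_has_metabox() block and keeps that value when both checks pass, so the success path continues to the sbi->inos assignment with an error code still pending. The lines shown here do not include a later assignment to ret, so please confirm that one always runs before the out label is reached on a valid image; otherwise a well-formed metabox image would fail to mount. Assigning ret inside each of the two failing branches, or clearing it right after the block, would make the success path self-evident and avoid depending on code outside this hunk. It would also help to name in the commit message which folio is held at these two points, since the cleanup done at the out label is not visible in this hunk.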