erofs-utils: lib: fix global-buffer-overflow due to invalid device
authorGao Xiang <hsiangkao@linux.alibaba.com>
Thu, 8 Aug 2024 16:03:43 +0000 (00:03 +0800)
committerGao Xiang <hsiangkao@linux.alibaba.com>
Thu, 8 Aug 2024 17:26:49 +0000 (01:26 +0800)
A fuzzer generated an image whose crafted chunks reference an invalid device.
Also refine the printed message of EOD.

Closes: https://github.com/erofs/erofsnightly/actions/runs/10172576269/job/28135408276
Closes: https://github.com/erofs/erofs-utils/issues/11
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Link: https://lore.kernel.org/r/20240808160343.2544426-1-hsiangkao@linux.alibaba.com
lib/io.c

index 6bfae6995b759f0f044e3f2240b43682fe54e984..b101c077afcf1f06c59f1e769544a9e3d620de9d 100644 (file)
--- a/lib/io.c
+++ b/lib/io.c
@@ -342,6 +342,10 @@ ssize_t erofs_dev_read(struct erofs_sb_info *sbi, int device_id,
        ssize_t read;
 
        if (device_id) {
+               if (device_id >= sbi->nblobs) {
+                       erofs_err("invalid device id %d", device_id);
+                       return -EIO;
+               }
                read = erofs_io_pread(&((struct erofs_vfile) {
                                .fd = sbi->blobfd[device_id - 1],
                        }), buf, offset, len);
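Review bot: The added guard `if (device_id >= sbi->nblobs)` does not line up with the index used just below it, `sbi->blobfd[device_id - 1]`: it limits the index to `nblobs - 2`, so if `blobfd` holds `nblobs` entries (its declaration is not in this hunk) the last device is rejected as invalid. The guard also has no lower bound, so whether a negative `device_id` from a crafted image is caught depends on `nblobs` being unsigned, which is not visible here. Stating both bounds explicitly, e.g. `if (device_id < 0 || device_id > sbi->nblobs) {`, would remove that dependence and match the `- 1` indexing; please confirm against the code that fills `blobfd`. The body of erofs_dev_read starts and ends outside this hunk.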
@@ -352,7 +356,8 @@ ssize_t erofs_dev_read(struct erofs_sb_info *sbi, int device_id,
        if (read < 0)
                return read;
        if (read < len) {
-               erofs_info("reach EOF of device, pading with zeroes");
+               erofs_info("reach EOF of device @ %llu, pading with zeroes",
+                          offset | 0ULL);
                memset(buf + read, 0, len - read);
        }
        return 0;
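Review bot: The new message logs `offset`, which is where the request started, not where the device ran out of data; on a short read the end-of-device position is `offset + read`, which is the value needed when triaging a crafted image. `offset | 0ULL` also hides the conversion to the `%llu` argument type, and a cast states it directly, e.g. `(unsigned long long)(offset + read)`. Adding `device_id` to the message would show which blob was short. The typo `pading` is carried over from the old string. The function body begins outside this hunk.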