erofs-utils: avoid silent corruption caused by `c_root_xattr_isize`
author Hongzhen Luo <hongzhen@linux.alibaba.com>
Wed, 27 Nov 2024 09:28:25 +0000 (17:28 +0800)
committer Gao Xiang <hsiangkao@linux.alibaba.com>
Fri, 29 Nov 2024 07:22:33 +0000 (15:22 +0800)
When `c_root_xattr_isize` is too large, `i_xattr_icount` will overflow,
resulting in silent corruption of the filesystem image. This patch performs
checks in advance and reports errors.

Fixes: 8f93c2f83962 ("erofs-utils: mkfs: support inline xattr reservation for rootdirs")
Signed-off-by: Hongzhen Luo <hongzhen@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241127092825.4105724-1-hongzhen@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
lib/inode.c

index f553becb0be0fd590a9ca5cd865dd400b3c49e06..e2888a4394848ba3e1272ed89433c521159fe64c 100644 (file)
@@ -1717,6 +1717,12 @@ static int erofs_mkfs_dump_tree(struct erofs_inode *root, bool rebuild,
                list_del(&root->i_hash);
                erofs_insert_ihash(root);
        } else if (cfg.c_root_xattr_isize) {
+               if (cfg.c_root_xattr_isize > EROFS_XATTR_ALIGN(
+                               UINT16_MAX - sizeof(struct erofs_xattr_entry))) {
+                       erofs_err("Invalid configuration for c_root_xattr_isize: %u (too large)",
+                                 cfg.c_root_xattr_isize);
+                       return -EINVAL;
+               }
                root->xattr_isize = cfg.c_root_xattr_isize;
        }
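
Review bot: the limit in the new `if`, `EROFS_XATTR_ALIGN(UINT16_MAX - sizeof(struct erofs_xattr_entry))`, is an uncommented inline expression, so the code alone does not show how it relates to the `i_xattr_icount` overflow named in the commit message. Consider moving it into a named macro with a one-line comment giving the derivation, so later changes to the xattr layout do not silently invalidate the bound. The `erofs_err()` text also says only "(too large)"; printing the maximum accepted value next to `cfg.c_root_xattr_isize` would tell the user what to pass instead of leaving them to find the limit by trial.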