From: Hongzhen Luo <hongzhen@linux.alibaba.com>
Date: Wed, 27 Nov 2024 09:28:25 +0000 (+0800)
Subject: erofs-utils: avoid silent corruption caused by `c_root_xattr_isize`
X-Git-Tag: accepted/tizen/unified/20250610.081809~89
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ee7d3dc1dd95a6f832d96c39fab65407963f1123;p=platform%2Fupstream%2Ferofs-utils.git

erofs-utils: avoid silent corruption caused by `c_root_xattr_isize`

When `c_root_xattr_isize` is too large, `i_xattr_icount` will overflow,
resulting in silent corruption of the filesystem image. This patch performs
checks in advance and reports errors.

Fixes: 8f93c2f83962 ("erofs-utils: mkfs: support inline xattr reservation for rootdirs")
Signed-off-by: Hongzhen Luo <hongzhen@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241127092825.4105724-1-hongzhen@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
---

diff --git a/lib/inode.c b/lib/inode.c
index f553bec..e2888a4 100644
--- a/lib/inode.c
+++ b/lib/inode.c
@@ -1717,6 +1717,12 @@ static int erofs_mkfs_dump_tree(struct erofs_inode *root, bool rebuild,
 		list_del(&root->i_hash);
 		erofs_insert_ihash(root);
 	} else if (cfg.c_root_xattr_isize) {
+		if (cfg.c_root_xattr_isize > EROFS_XATTR_ALIGN(
+				UINT16_MAX - sizeof(struct erofs_xattr_entry))) {
+			erofs_err("Invalid configuration for c_root_xattr_isize: %u (too large)",
+				  cfg.c_root_xattr_isize);
+			return -EINVAL;
+		}
 		root->xattr_isize = cfg.c_root_xattr_isize;
 	}