summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorGao Xiang <gaoxiang25@huawei.com>2019-08-19 18:34:26 +0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-08-21 05:44:07 -0700
commit598bb8913d015150b7734b55443c0e53e7189fc7 (patch)
tree1dde1ef92aad42f83ee7b196086aa8672815d4e0 /drivers
parent138e1a0990e80db486ab9f6c06bd5c01f9a97999 (diff)
staging: erofs: avoid endless loop of invalid lookback distance 0
As reported by erofs-utils fuzzer, Lookback distance should be a positive number, so it should be actually looked back rather than spinning. Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter") Cc: <stable@vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-7-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/staging/erofs/zmap.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/staging/erofs/zmap.c b/drivers/staging/erofs/zmap.c
index 7408e86823a4..774dacbc5b32 100644
--- a/drivers/staging/erofs/zmap.c
+++ b/drivers/staging/erofs/zmap.c
@@ -350,6 +350,12 @@ static int vle_extent_lookback(struct z_erofs_maprecorder *m,
switch (m->type) {
case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD:
+ if (unlikely(!m->delta[0])) {
+ errln("invalid lookback distance 0 at nid %llu",
+ vi->nid);
+ DBG_BUGON(1);
+ return -EFSCORRUPTED;
+ }
return vle_extent_lookback(m, m->delta[0]);
case Z_EROFS_VLE_CLUSTER_TYPE_PLAIN:
map->m_flags &= ~EROFS_MAP_ZIPPED;