diff options
author | Gao Xiang <gaoxiang25@huawei.com> | 2019-10-09 18:05:53 +0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-10-11 18:36:57 +0200 |
commit | 4c87d287c62a6d44f9afbe86911730b44e8a5946 (patch) | |
tree | 70be701228012a2989d26c62435c79c15f17f97d | |
parent | 5bb124e1d18e984901039bec4ff94dd40dea8858 (diff) | |
download | linux-stable-4c87d287c62a6d44f9afbe86911730b44e8a5946.tar.gz linux-stable-4c87d287c62a6d44f9afbe86911730b44e8a5946.tar.bz2 linux-stable-4c87d287c62a6d44f9afbe86911730b44e8a5946.zip |
staging: erofs: avoid endless loop of invalid lookback distance 0
commit 598bb8913d015150b7734b55443c0e53e7189fc7 upstream.
As reported by erofs-utils fuzzer, Lookback distance should
be a positive number, so it should be actually looked back
rather than spinning.
Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Link: https://lore.kernel.org/r/20190819103426.87579-7-gaoxiang25@huawei.com
[ Gao Xiang: Since earlier kernels don't define EFSCORRUPTED,
let's use EIO instead. ]
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | drivers/staging/erofs/zmap.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/staging/erofs/zmap.c b/drivers/staging/erofs/zmap.c index c2359321ca13..30e6d02d30de 100644 --- a/drivers/staging/erofs/zmap.c +++ b/drivers/staging/erofs/zmap.c @@ -350,6 +350,12 @@ static int vle_extent_lookback(struct z_erofs_maprecorder *m, switch (m->type) { case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD: + if (!m->delta[0]) { + errln("invalid lookback distance 0 at nid %llu", + vi->nid); + DBG_BUGON(1); + return -EIO; + } return vle_extent_lookback(m, m->delta[0]); case Z_EROFS_VLE_CLUSTER_TYPE_PLAIN: map->m_flags &= ~EROFS_MAP_ZIPPED; |