diff options
| author | Yuezhang Mo <Yuezhang.Mo@sony.com> | 2025-03-17 10:53:10 +0800 |
|---|---|---|
| committer | Namjae Jeon <linkinjeon@kernel.org> | 2025-03-27 21:18:03 +0900 |
| commit | b0522303f67255926b946aa66885a0104d1b2980 (patch) | |
| tree | dc334e9fc1a9b32c9d028b463b517117087bd870 | |
| parent | 1bb7ff4204b6d4927e982cd256286c09ed4fd8ca (diff) | |
| download | linux-b0522303f67255926b946aa66885a0104d1b2980.tar.gz linux-b0522303f67255926b946aa66885a0104d1b2980.tar.bz2 linux-b0522303f67255926b946aa66885a0104d1b2980.zip | |
exfat: fix the infinite loop in exfat_find_last_cluster()
In exfat_find_last_cluster(), the cluster chain is traversed until
the EOF cluster. If the cluster chain includes a loop due to file
system corruption, the EOF cluster cannot be traversed, resulting
in an infinite loop.
If the number of clusters indicated by the file size is inconsistent
with the cluster chain length, exfat_find_last_cluster() will return
an error, so if this inconsistency is found, the traversal can be
aborted without traversing to the EOF cluster.
Reported-by: syzbot+f7d147e6db52b1e09dba@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f7d147e6db52b1e09dba
Tested-by: syzbot+f7d147e6db52b1e09dba@syzkaller.appspotmail.com
Fixes: 31023864e67a ("exfat: add fat entry operations")
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
| -rw-r--r-- | fs/exfat/fatent.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c index b9473a69f104..23065f948ae7 100644 --- a/fs/exfat/fatent.c +++ b/fs/exfat/fatent.c @@ -294,7 +294,7 @@ int exfat_find_last_cluster(struct super_block *sb, struct exfat_chain *p_chain, clu = next; if (exfat_ent_get(sb, clu, &next)) return -EIO; - } while (next != EXFAT_EOF_CLUSTER); + } while (next != EXFAT_EOF_CLUSTER && count <= p_chain->size); if (p_chain->size != count) { exfat_fs_error(sb, |