From: Nithurshen <nithurshen.dev@gmail.com>
To: ch@vnsh.in
Cc: linux-erofs@lists.ozlabs.org, xiang@kernel.org,
Nithurshen <nithurshen.dev@gmail.com>
Subject: Re: [PATCH] erofs-utils: fsck: check symlink size before allocation
Date: Mon, 23 Mar 2026 09:02:04 +0530
Message-ID: <20260323033204.97472-1-nithurshen.dev@gmail.com>
In-Reply-To: <20260321183638.43353-1-ch@vnsh.in>
Hi Xiang,
This patch LGTM.
I manually verified this by compiling with `-O0 -g` on macOS (arm64)
and using lldb for fault injection. I stepped through
erofs_extract_symlink() and allowed erofs_verify_inode_data() to pass
with normal metadata. Right before the buffer allocation, I artificially
inflated inode->i_size to 0xffffffffffffffff (SIZE_MAX).
Without the patch, bypassing the OS read limits with this size causes
a predictable heap buffer overflow and an EXC_BAD_ACCESS crash. With
the patch applied, the bounds check successfully catches the malformed
size, gracefully bails out with -EOVERFLOW, and prevents the memory
corruption.
Tested-by: Nithurshen <nithurshen.dev@gmail.com>
Reviewed-by: Nithurshen <nithurshen.dev@gmail.com>
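The kind of pre-allocation check this reply exercised, as an added illustration in C that is not the erofs-utils patch itself: it assumes a symlink length limit `SYMLINK_MAX_LEN` and an in-memory byte string standing in for the image read, since the patch's own names and limit are not quoted on this page.

```c
/* Added example (not the erofs-utils patch): validate a symlink inode's
 * size before allocating a buffer for its target. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for a symlink target; the real tool has its own. */
#define SYMLINK_MAX_LEN 4096

/* Returns 0 and sets *lenp when i_size is acceptable, -EOVERFLOW otherwise.
 * The check has to run before arithmetic such as i_size + 1: with
 * i_size == SIZE_MAX that addition wraps to 0, malloc(0) returns a tiny
 * block, and a following read of i_size bytes overruns the heap. */
static int check_symlink_size(uint64_t i_size, size_t *lenp)
{
    if (i_size > SIZE_MAX - 1 || i_size > SYMLINK_MAX_LEN)
        return -EOVERFLOW;
    *lenp = (size_t)i_size;
    return 0;
}

/* Allocate a NUL-terminated buffer and copy the raw target bytes into it.
 * 'data' stands in for the i_size bytes that would be read from the image.
 * On rejection returns NULL and stores the negative errno in *err. */
static char *extract_symlink(const unsigned char *data, uint64_t i_size,
                             int *err)
{
    size_t len;
    char *buf;

    *err = check_symlink_size(i_size, &len);
    if (*err)
        return NULL;
    buf = malloc(len + 1);          /* cannot wrap: len <= SYMLINK_MAX_LEN */
    if (!buf) {
        *err = -ENOMEM;
        return NULL;
    }
    memcpy(buf, data, len);
    buf[len] = '\0';
    return buf;
}
```

The `i_size == 0xffffffffffffffff` case from the reply is exactly the one `check_symlink_size` rejects before any buffer is requested.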
Thread overview: 3+ messages
2026-03-21 18:36 [PATCH] erofs-utils: fsck: check symlink size before allocation Vansh Choudhary
2026-03-23 3:32 ` Nithurshen [this message]
2026-03-23 3:36 ` Gao Xiang