michael/u-boot
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fs: prevent integer overflow in ext4fs_get_bgdtable

Browse Source 
An integer overflow in gdsize_total calculation could lead
to under-allocation and heap buffer overflow.

Signed-off-by: Timo tp Preißl <t.preissl@proton.me>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This commit is contained in:
Timo tp Preißl
2026-01-09 11:25:07 +00:00
committed by Tom Rini
parent 870aff99a2
commit fc16c847a1
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
fs/ext4/ext4_write.c
View File

@@ -108,7 +108,13 @@ int ext4fs_get_bgdtable(void)
{
int status;
struct ext_filesystem *fs = get_fs();
int gdsize_total = ROUND(fs->no_blkgrp * fs->gdsize, fs->blksz);
size_t alloc;
size_t gdsize_total;
if (__builtin_mul_overflow(fs->no_blkgrp, fs->gdsize, &alloc))
return -1;
gdsize_total = ROUND(alloc, fs->blksz);
fs->no_blk_pergdt = gdsize_total / fs->blksz;
/* allocate memory for gdtable */