Found in some fuzzed images.

Fixes: f511cfbbc0da ("erofs-utils: introduce fragment cache")
Signed-off-by: Gao Xiang <hsiang...@linux.alibaba.com>
---
 lib/fragments.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/fragments.c b/lib/fragments.c
index 2f5fbf9..a345acf 100644
--- a/lib/fragments.c
+++ b/lib/fragments.c
@@ -524,6 +524,10 @@ int erofs_packedfile_read(struct erofs_sb_info *sbi,
                        erofs_blk_t bnr = erofs_blknr(sbi, pos);
                        bool uptodate;
 
+                       if (__erofs_unlikely(bnr > epi->uptodate_size)) {
+                               erofs_err("packed inode EOF exceeded @ %llu", 
pos);
+                               return -EFSCORRUPTED;
+                       }
                        map.m_la = round_down(pos, bsz);
                        len = min_t(erofs_off_t, bsz - (pos & (bsz - 1)),
                                    end - pos);
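Review bot: The new guard `bnr > epi->uptodate_size` still accepts `bnr == epi->uptodate_size`, which is one past the end if that field counts the blocks tracked by the up-to-date state; `if (__erofs_unlikely(bnr >= epi->uptodate_size)) {` would close that gap. The field's definition is outside this hunk, so its unit should be confirmed as well: if it holds a bitmap size in bytes rather than a block count, the bound has to be expressed in bits (size times 8) to match what a per-block lookup can index on a corrupted image. Separately, `pos` is passed to `%llu` without a cast; if its type is not `unsigned long long` on every target, `(unsigned long long)pos` keeps the error message well-defined. erofs_packedfile_read starts and ends outside the hunk, so the access this check protects is not visible here.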
-- 
2.43.5

