On 2026/3/5 02:21, Utkal Singh wrote:
> A crafted EROFS image can contain an out-of-range node ID in directory entries or the superblock root_nid that causes erofs_iloc() to compute an inode offset beyond the image size. This leads to out-of-bounds reads in erofs_read_metabuf(), potentially crashing fsck.erofs, erofsfuse, or dump.erofs.
Do you have a reproducible image? I think in that way, erofs_io_read or something should fail instead; we don't need such a check against sbi->primarydevice_blocks.
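The arithmetic the two messages disagree about, shown as an added illustration that is not erofs-utils code: a hypothetical `demo_sb` mirrors the fields the thread names (meta_blkaddr, islotbits, primarydevice_blocks; the struct, function names and the assumed 32-byte compact inode size are all constructed for this example). It computes the inode location the way erofs_iloc() does and places a bounds test at both candidate layers, on the nid before any read and on the byte range at the read layer, so the reader can see that either one rejects the crafted offset described above.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, minimal mirror of the superblock fields the thread refers to;
 * this is a constructed demo struct, not the erofs-utils definition. */
struct demo_sb {
    uint8_t  blkszbits;            /* log2 of block size, e.g. 12 for 4 KiB */
    uint8_t  islotbits;            /* log2 of inode slot size, 5 -> 32 bytes */
    uint32_t meta_blkaddr;         /* block address of the inode metadata area */
    uint64_t primarydevice_blocks; /* blocks on the primary device (image size / blksz) */
};

typedef uint64_t demo_off_t;

/* Assumed size of the smallest on-disk inode record. */
#define DEMO_INODE_MIN_BYTES 32u

/* Image size in bytes, as a read layer would derive it from the superblock. */
static demo_off_t demo_image_size(const struct demo_sb *sb)
{
    return sb->primarydevice_blocks << sb->blkszbits;
}

/* Compute the inode location the way erofs_iloc() does:
 * meta area start + (nid << islotbits). Returns false if the
 * arithmetic would wrap, which is itself a sign of a bad nid. */
static bool demo_iloc(const struct demo_sb *sb, uint64_t nid, demo_off_t *out)
{
    demo_off_t base = (demo_off_t)sb->meta_blkaddr << sb->blkszbits;

    if (nid > (UINT64_MAX >> sb->islotbits))
        return false;               /* nid << islotbits would overflow */
    demo_off_t slot = nid << sb->islotbits;
    if (slot > UINT64_MAX - base)
        return false;               /* base + slot would overflow */
    *out = base + slot;
    return true;
}

/* Read-layer style check (the reply's position): does [off, off+len)
 * fit inside the image? A read helper would fail here instead of reading. */
static bool demo_range_in_image(const struct demo_sb *sb, demo_off_t off, size_t len)
{
    demo_off_t size = demo_image_size(sb);

    if (off > size)
        return false;
    return len <= size - off;
}

/* nid-level check (the report's position): reject a directory entry or
 * root_nid before its inode is ever read. */
static bool demo_nid_in_image(const struct demo_sb *sb, uint64_t nid)
{
    demo_off_t off;

    if (!demo_iloc(sb, nid, &off))
        return false;
    return demo_range_in_image(sb, off, DEMO_INODE_MIN_BYTES);
}

/* Constructed sample image: 4 KiB blocks, 32-byte slots, inode area
 * starting at block 1, four blocks (16384 bytes) in total. */
static struct demo_sb demo_sample_sb(void)
{
    struct demo_sb sb = { 12, 5, 1, 4 };
    return sb;
}

/* Convenience wrapper for testing: is nid valid for the sample image? */
static bool demo_check_sample(uint64_t nid)
{
    struct demo_sb sb = demo_sample_sb();
    return demo_nid_in_image(&sb, nid);
}

int main(void)
{
    const uint64_t nids[] = { 0, 383, 384, UINT64_MAX };

    for (size_t i = 0; i < sizeof(nids) / sizeof(nids[0]); i++)
        printf("nid %llu -> %s\n", (unsigned long long)nids[i],
               demo_check_sample(nids[i]) ? "in image" : "rejected");
    return 0;
}
```

With the sample geometry, nid 383 lands at byte 16352 and its 32-byte record ends exactly at the image size, so it passes; nid 384 starts at byte 16384, one past the last valid offset, and is rejected, as is any nid large enough to wrap the shift.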
