On 2026/3/5 07:45, Gao Xiang wrote:
On 2026/3/5 02:21, Utkal Singh wrote:
A crafted EROFS image can contain an out-of-range node ID in directory
entries or the superblock root_nid that causes erofs_iloc() to compute
an inode offset beyond the image size. This leads to out-of-bounds
reads in erofs_read_metabuf(), potentially crashing fsck.erofs,
erofsfuse, or dump.erofs.
Do you have a reproducible image?
I think in that way, erofs_io_read or something should fail
instead; we don't need such a check against
sbi->primarydevice_blocks.
It will return:
<E> erofs: erofs_read_inode_from_disk() Line[42] failed to get inode (nid: 249216) page, err -5
<E> erofs: erofsfsck_check_inode() Line[988] I/O error occurred when reading nid(249216)
I don't think such a check is needed; blocks is mainly for statfs
statistics, and for dynamically generated EROFS it could be 0 all the
time.
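
Added example, not part of the thread and not erofs-utils code: a simplified C model of the behaviour discussed above, in which the nid-to-offset mapping does no range check and the I/O layer, which knows the real image size, rejects the read with -EIO even when the superblock block count is 0. All `model_*` and `sample_*` names, the struct layouts, the 32-byte inode slot and the 4 KiB sample image are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Simplified model; field names are assumptions, not erofs-utils structures. */
struct model_sb {
    uint32_t meta_blkaddr;  /* first metadata block */
    uint8_t  blkszbits;     /* log2(block size) */
    uint8_t  islotbits;     /* log2(inode slot size): 5 for 32-byte slots */
    uint64_t blocks;        /* superblock block count; may be 0 */
};

struct model_dev {
    const uint8_t *data;    /* backing image bytes */
    uint64_t size;          /* real size of the backing image */
};

/* nid -> byte offset, in the manner of erofs_iloc(); no range check here. */
static uint64_t model_iloc(const struct model_sb *sb, uint64_t nid)
{
    return ((uint64_t)sb->meta_blkaddr << sb->blkszbits) + (nid << sb->islotbits);
}

/* I/O layer: bounds are checked against the real image size, not sb->blocks. */
static int model_io_read(const struct model_dev *dev, void *buf,
                         uint64_t off, size_t len)
{
    if (off > dev->size || len > dev->size - off)  /* overflow-safe form */
        return -EIO;
    memcpy(buf, dev->data + off, len);
    return 0;
}

static int model_read_inode(const struct model_sb *sb,
                            const struct model_dev *dev,
                            uint64_t nid, uint8_t out[32])
{
    return model_io_read(dev, out, model_iloc(sb, nid), 32);
}

/* Constructed sample: 4 KiB zero-filled image, metadata at block 0, blocks = 0. */
static uint8_t sample_image[4096];
static const struct model_sb sample_sb = { 0, 12, 5, 0 };
static const struct model_dev sample_dev = { sample_image, sizeof(sample_image) };

int main(void)
{
    uint8_t buf[32];
    /* nid 249216 is the value in the log above; it maps far past 4 KiB. */
    return model_read_inode(&sample_sb, &sample_dev, 249216, buf) == -EIO ? 0 : 1;
}
```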