The directory cycle detection in erofsfsck_check_inode() pushes the
parent nid (pnid) onto the dirstack, but checks the current inode's
nid against the stack entries. This means a self-referencing directory
(a directory containing an entry whose nid points back to itself) is
never detected, because the directory's own nid is never recorded in
the ancestor stack.

Fix this by pushing the current directory's nid instead of pnid. This
ensures that any descendant entry pointing back to any ancestor
directory in the traversal path will be correctly identified as a loop
and reported as -ELOOP.

This is critical for processing untrusted EROFS images from container
registries, where a crafted image with directory cycles would cause
fsck.erofs to recurse infinitely until stack overflow.

Signed-off-by: Utkal Singh <[email protected]>
---
 fsck/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fsck/main.c b/fsck/main.c
index cf07829..cd2cb3b 100644
--- a/fsck/main.c
+++ b/fsck/main.c
@@ -1021,7 +1021,7 @@ static int erofsfsck_check_inode(erofs_nid_t pnid, 
erofs_nid_t nid)
                for (i = 0; i < fsckcfg.dirstack.top; ++i)
                        if (inode.nid == fsckcfg.dirstack.dirs[i])
                                return -ELOOP;
-               fsckcfg.dirstack.dirs[fsckcfg.dirstack.top++] = pnid;
+               fsckcfg.dirstack.dirs[fsckcfg.dirstack.top++] = nid;
                ret = erofs_iterate_dir(&ctx, true);
                --fsckcfg.dirstack.top;
        }
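Review bot: With the current directory's own nid now on the stack, the dirent callback driving erofs_iterate_dir() must skip the "." entry (and ".." which resolves to an ancestor already on the stack) before it reaches the comparison at `if (inode.nid == fsckcfg.dirstack.dirs[i])`, otherwise every directory would report -ELOOP on its own "." entry; please state in the commit message that the iterator already filters these, or add the check. Also note that `fsckcfg.dirstack.dirs[fsckcfg.dirstack.top++] = nid;` is unbounded in this hunk; since the motivating input is an untrusted image, it would be worth confirming (or adding a comment) that `top` is checked against the capacity of `dirs[]` before the write, as depth is otherwise attacker-controlled.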
-- 
2.43.0