Hi Das U-Boot developers, I found several vulnerabilities in the u-boot filesysetm implementation,
1. in file fs/squashfs/sqfs_inode.c function sqfs_inode_size. The parameter blk_size is directly or indirectly from the storage data. Howver, without a sanity check, this value is directly used in the division operations, leading to a division-by-zero exception 2. in file fs/erofs/data.c, function z_erofs_read_one_data, the node data is read from the storage, however, without a proper check, the data can be corrupted. For example, the inode data is used in function z_erofs_read_data, map.m_llen will be calculated to a very large value, which means the length variable will be very large. It will cause a large memory clear with memset(buffer + end - offset, 0, length); 3. in file fs/squashfs/sqfs.c, function sqfs_frag_lookup, the header variable is read/calculated from the storage data, however, without a proper check, memcpy(entries, metadata, SQFS_METADATA_SIZE(header)); will cause a buffer over write when header cannot correctly clear the higher bits (SQFS_METADATA_SIZE(header)). Could you please confirmware these vulnerabilities? Best regards
