On Fri, 02 Aug 2024 18:36:44 +0200, Richard Weinberger wrote: > A carefully crafted squashfs filesystem can exhibit an inode size of > 0xffffffff, > as a consequence malloc() will do a zero allocation. > Later in the function the inode size is again used for copying data. > So an attacker can overwrite memory. > Avoid the overflow by using the __builtin_add_overflow() helper. > > > [...]
Applied to u-boot/next, thanks! -- Tom