Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 18ef5f3b94048ee4e6849d908a1deed015776734
commit18ef5f3b94048ee4e6849d908a1deed015776734[log] [tgz]
authorRichard Weinberger <richard@nod.at>Fri Aug 02 18:36:44 2024 +0200
committerTom Rini <trini@konsulko.com>Thu Aug 15 16:14:36 2024 -0600
tree2e35b6347ffc0135cd9b75c181bd6f482eee641c
parent25c5843ad5762d0ccaab03f3c516035cd48d21d1 [diff]
squashfs: Fix integer overflow in sqfs_resolve_symlink()

A carefully crafted squashfs filesystem can exhibit an inode size of 0xffffffff,
as a consequence malloc() will do a zero allocation.
Later in the function the inode size is again used for copying data.
So an attacker can overwrite memory.
Avoid the overflow by using the __builtin_add_overflow() helper.

Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
1 file changed
tree: 2e35b6347ffc0135cd9b75c181bd6f482eee641c
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. boot/
  6. cmd/
  7. common/
  8. configs/
  9. disk/
  10. doc/
  11. drivers/
  12. dts/
  13. env/
  14. examples/
  15. fs/
  16. include/
  17. lib/
  18. Licenses/
  19. net/
  20. post/
  21. scripts/
  22. test/
  23. tools/
  24. .azure-pipelines.yml
  25. .checkpatch.conf
  26. .get_maintainer.conf
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .gitlab-ci.yml
  31. .mailmap
  32. .readthedocs.yml
  33. config.mk
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README