Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 735814f9621d63720bbd350cc5bb98b887f1158a
commit735814f9621d63720bbd350cc5bb98b887f1158a[log] [tgz]
authorRichard Weinberger <richard@nod.at>Fri Aug 09 11:54:28 2024 +0200
committerTom Rini <trini@konsulko.com>Thu Aug 15 16:14:36 2024 -0600
treee05e35550e6340b480d3596d4bcd83c469d6ad46
parentf042f2f406e5b7d3c915c12875ee121927f667b1 [diff]
ext4: Fix integer overflow in ext4fs_read_symlink()

While zalloc() takes a size_t type, adding 1 to the le32 variable
will overflow.
A carefully crafted ext4 filesystem can exhibit an inode size of 0xffffffff
and as consequence zalloc() will do a zero allocation.

Later in the function the inode size is again used for copying data.
So an attacker can overwrite memory.

Avoid the overflow by using the __builtin_add_overflow() helper.

Signed-off-by: Richard Weinberger <richard@nod.at>
1 file changed
tree: e05e35550e6340b480d3596d4bcd83c469d6ad46
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. boot/
  6. cmd/
  7. common/
  8. configs/
  9. disk/
  10. doc/
  11. drivers/
  12. dts/
  13. env/
  14. examples/
  15. fs/
  16. include/
  17. lib/
  18. Licenses/
  19. net/
  20. post/
  21. scripts/
  22. test/
  23. tools/
  24. .azure-pipelines.yml
  25. .checkpatch.conf
  26. .get_maintainer.conf
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .gitlab-ci.yml
  31. .mailmap
  32. .readthedocs.yml
  33. config.mk
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README