An inode size larger than the block size can cause userspace programs
to crash.
This problem was found using American Fuzzy Lop.
Reported-by: Adam Buchbinder <abuchbinder@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
blk64_t group_block, blk;
char *dest, *cp;
int group_zero_adjust = 0;
+ int inode_size;
#ifdef WORDS_BIGENDIAN
unsigned int groups_per_block;
struct ext2_group_desc *gdp;
goto cleanup;
}
fs->fragsize = fs->blocksize = EXT2_BLOCK_SIZE(fs->super);
- if (EXT2_INODE_SIZE(fs->super) < EXT2_GOOD_OLD_INODE_SIZE) {
+ inode_size = EXT2_INODE_SIZE(fs->super);
+ if ((inode_size < EXT2_GOOD_OLD_INODE_SIZE) ||
+ (inode_size > fs->blocksize) ||
+ (inode_size & (inode_size - 1))) {
retval = EXT2_ET_CORRUPT_SUPERBLOCK;
goto cleanup;
}