git.ipfire.org Git - thirdparty/grub.git/commit

author	Darren Kenny <darren.kenny@oracle.com>
	Tue, 29 Mar 2022 15:52:46 +0000 (15:52 +0000)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 7 Jun 2022 14:39:34 +0000 (16:39 +0200)
commit	13dce204cf6f3f0f49c9949971052a4c9657c0c0
tree	9fd9779496ddc43486a6b2db68cd44e4effa851e	tree
parent	11e1cffb7e2492ddac4ab8d19ce466783adbb957	commit \| diff

fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing

The fuzzer is generating btrfs file systems that have chunks with
invalid combinations of stripes and substripes for the given RAID
configurations.

After examining the Linux kernel fs/btrfs/tree-checker.c code, it
appears that sub-stripes should only be applied to RAID10, and in that
case there should only ever be 2 of them.

Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4
should have 2. 3 or 4 stripes respectively, which is what redundancy
corresponds.

Some of the chunks ended up with a size of 0, which grub_malloc() still
returned memory for and in turn generated ASAN errors later when
accessed.

While it would be possible to specifically limit the number of stripes,
a more correct test was on the combination of the chunk item, and the
number of stripes by the size of the chunk stripe structure in
comparison to the size of the chunk itself.

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>