From: aizu-m <aizumusheer2@gmail.com>
Date: Tue, 9 Jun 2026 07:02:50 +0000 (+0530)
Subject: libmount: fix subvolid buffer overflow in get_btrfs_fs_root
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=091e08c07c5444fd9179d43fb6c1db377a6ca7e4;p=thirdparty%2Futil-linux.git

libmount: fix subvolid buffer overflow in get_btrfs_fs_root
---

diff --git a/libmount/src/tab.c b/libmount/src/tab.c
index 68244f137..98ccd7cf3 100644
--- a/libmount/src/tab.c
+++ b/libmount/src/tab.c
@@ -1635,7 +1635,10 @@ static int get_btrfs_fs_root(struct libmnt_table *tb, struct libmnt_fs *fs,
 
 		DBG(BTRFS, ul_debug(" found subvolid=%s, checking", vol));
 
-		assert (volsz + 1 < sizeof(stringify_value(UINT64_MAX)));
+		/* a subvolid is a u64, so a longer value cannot match any
+		 * subvolume; reject it rather than overflow subvolidstr */
+		if (volsz + 1 >= sizeof(subvolidstr))
+			goto not_found;
 		memcpy(subvolidstr, vol, volsz);
 		subvolidstr[volsz] = '\0';