From: Milan Broz <gmazyland@gmail.com>
Date: Wed, 12 Oct 2022 21:02:27 +0000 (+0200)
Subject: libblkid: erofs - avoid undefined shift
X-Git-Tag: v2.39-rc1~487
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e55759f50305eac0b1a398dd2c31dad188d173a;p=thirdparty%2Futil-linux.git

libblkid: erofs - avoid undefined shift

Erofs probe can use undefined shift if blkszbits
is a bogus value. Avoid this by limiting shift size.

Reproducer found with OSS-Fuzz (issue 52298) running over
cryptsetup project (blkid is used in header init).

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/libblkid/src/superblocks/erofs.c b/libblkid/src/superblocks/erofs.c
index 559ce63c14..452bb8d3bd 100644
--- a/libblkid/src/superblocks/erofs.c
+++ b/libblkid/src/superblocks/erofs.c
@@ -73,7 +73,7 @@ static int probe_erofs(blkid_probe pr, const struct blkid_idmag *mag)
 		return errno ? -errno : BLKID_PROBE_NONE;
 
 	/* EROFS is restricted to 4KiB block size */
-	if ((1U << sb->blkszbits) > 4096)
+	if (sb->blkszbits > 31 || (1U << sb->blkszbits) > 4096)
 		return BLKID_PROBE_NONE;
 
 	if (!erofs_verify_checksum(pr, mag, sb))