git.ipfire.org Git - thirdparty/e2fsprogs.git/commit
fuse2fs: fix memory corruption when parsing mount options
author Darrick J. Wong <djwong@kernel.org>
Fri, 5 Sep 2025 21:56:02 +0000 (14:56 -0700)
committer Darrick J. Wong <djwong@kernel.org>
Fri, 17 Oct 2025 23:34:21 +0000 (16:34 -0700)
commit fdfc5b030a01c43a0e1d02d26be20b3db45979d1
tree 46509071868513264fa83e2386bb73cd9bb4d340
parent c8088d9e492f0a72bcd591d78bc99a8721f9fe5b
fuse2fs: fix memory corruption when parsing mount options

struct fuse_opt has this interesting behavior -- if you set the offset
field to a non-negative value, then it will treat that value as a byte
offset into the data parameter that is passed to fuse_opt_parse.

Unfortunately, process_opt computes a pointer from ((char *)data +
offset), casts that to an int pointer(!), and dereferences the int
pointer to set the value.  Therefore, we cannot have uint8_t fields in
struct fuse2fs because that will lead to subtle memory corruption.

Cc: <linux-ext4@vger.kernel.org> # v1.47.3
Fixes: c7f2688540d95e ("fuse2fs: compact all the boolean flags in struct fuse2fs")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
misc/fuse2fs.c
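
The corruption described in the commit message, reduced to a stand-alone C model. This is an added example, not code from e2fsprogs or libfuse: the struct and field names are hypothetical, and `model_opt_store` stands in for the int-sized store the message attributes to process_opt.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for struct fuse2fs; all field names are hypothetical. */
struct packed_flags {	/* one byte per option: the unsafe layout */
	uint8_t ro, debug, norecovery, minixdf;
};
struct int_flags {	/* one int per option: matches the int-sized store */
	int ro, debug, norecovery, minixdf;
};

/* Model of the store the commit message describes: an int-sized write at
 * (char *)data + offset. memcpy keeps this demo free of alignment and
 * aliasing undefined behaviour; it is not libfuse's code. */
static void model_opt_store(void *data, size_t offset, int value)
{
	memcpy((char *)data + offset, &value, sizeof(value));
}

/* Set "ro" and count how many neighbouring flags changed as a side effect.
 * With a 4-byte int, offset 0 keeps the write inside the struct; a store
 * aimed at a later uint8_t field would run past the end of the object. */
static int clobbered_packed(void)
{
	struct packed_flags f = { .ro = 0, .debug = 1, .norecovery = 1, .minixdf = 1 };
	model_opt_store(&f, offsetof(struct packed_flags, ro), 1);
	return (f.debug != 1) + (f.norecovery != 1) + (f.minixdf != 1);
}

static int clobbered_int(void)
{
	struct int_flags f = { .ro = 0, .debug = 1, .norecovery = 1, .minixdf = 1 };
	model_opt_store(&f, offsetof(struct int_flags, ro), 1);
	return (f.debug != 1) + (f.norecovery != 1) + (f.minixdf != 1);
}

/* Build-time guard: every option target must be exactly int-sized. */
#define OPT_TARGET_IS_INT(type, member) \
	(sizeof(((type *)0)->member) == sizeof(int))
_Static_assert(OPT_TARGET_IS_INT(struct int_flags, ro), "option target not int-sized");
_Static_assert(!OPT_TARGET_IS_INT(struct packed_flags, ro), "demo expects a 1-byte field");

int main(void)
{
	printf("uint8_t layout: %d neighbouring flags clobbered\n", clobbered_packed());
	printf("int layout:     %d neighbouring flags clobbered\n", clobbered_int());
	return 0;
}
```

Applying a guard like `OPT_TARGET_IS_INT` to each offset-based option entry turns a future change to a narrower field type into a build failure instead of silent corruption.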