libblkid: erofs - avoid undefined shift

Erofs probe can use undefined shift if blkszbits
is a bogus value. Avoid this by limiting shift size.

Reproducer found with OSS-Fuzz (issue 52298) running over
cryptsetup project (blkid is used in header init).

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/libblkid/src/superblocks/erofs.c b/libblkid/src/superblocks/erofs.c
index 559ce63c1482e0d9cfe318968e1b9262cca7c6cd..452bb8d3bd175d1cee862f3c39d8481702793925 100644 (file)
--- a/libblkid/src/superblocks/erofs.c
+++ b/libblkid/src/superblocks/erofs.c
@@ -73,7 +73,7 @@ static int probe_erofs(blkid_probe pr, const struct blkid_idmag *mag)
                return errno ? -errno : BLKID_PROBE_NONE;
 
        /* EROFS is restricted to 4KiB block size */
-       if ((1U << sb->blkszbits) > 4096)
+       if (sb->blkszbits > 31 || (1U << sb->blkszbits) > 4096)
                return BLKID_PROBE_NONE;
 
        if (!erofs_verify_checksum(pr, mag, sb))