]> git.ipfire.org Git - thirdparty/util-linux.git/commitdiff
projects / thirdparty / util-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1e4e0af)
libblkid: ntfs: avoid UB in signed shift
authorThomas Weißschuh <thomas@t-8ch.de>
Thu, 10 Nov 2022 17:35:00 +0000 (18:35 +0100)
committerThomas Weißschuh <thomas@t-8ch.de>
Sat, 12 Nov 2022 14:30:45 +0000 (15:30 +0100)
Fix OSS-Fuzz issue 53142 ( #1886 )
Fix OSS-Fuzz issue 53160 ( #1888 )

libblkid/src/superblocks/ntfs.c patch | blob | blame | history
tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53142 [new file with mode: 0644] patch | blob
tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53160 [new file with mode: 0644] patch | blob

diff --git a/libblkid/src/superblocks/ntfs.c b/libblkid/src/superblocks/ntfs.c
index b5799c3e33f02ac271812858a6f6141230a0a793..1c53fd29d87bf4aa422374cca72ef71e3a50a4e5 100644 (file)
--- a/libblkid/src/superblocks/ntfs.c
+++ b/libblkid/src/superblocks/ntfs.c
@@ -135,11 +135,15 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_
                }
        }
 
-       if (ns->clusters_per_mft_record > 0)
+       if (ns->clusters_per_mft_record > 0) {
                mft_record_size = ns->clusters_per_mft_record *
                                  sectors_per_cluster * sector_size;
-       else
-               mft_record_size = 1 << (0 - ns->clusters_per_mft_record);
+       } else {
+               int8_t mft_record_size_shift = 0 - ns->clusters_per_mft_record;
+               if (mft_record_size_shift < 0 || mft_record_size_shift >= 31)
+                       return 1;
+               mft_record_size = 1 << mft_record_size_shift;
+       }
 
        nr_clusters = le64_to_cpu(ns->number_of_sectors) / sectors_per_cluster;
 
diff --git a/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53142 b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53142
new file mode 100644 (file)
index 0000000..b671bcd
Binary files /dev/null and b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53142 differ
diff --git a/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53160 b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53160
new file mode 100644 (file)
index 0000000..b3586ec
Binary files /dev/null and b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-53160 differ
Unnamed repository; edit this file 'description' to name the repository.