libblkid: btrfs - avoid calling clz with zero argument

If btrfs superblock contains unknown checksum type,
the values are parsed anyway.

Bogus sector size then can lead to clz() with zero argument
(this is undefined).

Reproducer found with OSS-Fuzz (issue 52286) running over
cryptsetup project (blkid is used in header init).

diff --git a/libblkid/src/superblocks/btrfs.c b/libblkid/src/superblocks/btrfs.c
index 249341808674049a8de6e8f5f251b9bc056fedeb..4a5f761741d90ac81680fee09b3b2ab2af6db8a3 100644 (file)
--- a/libblkid/src/superblocks/btrfs.c
+++ b/libblkid/src/superblocks/btrfs.c
@@ -252,6 +252,10 @@ static int probe_btrfs(blkid_probe pr, const struct blkid_idmag *mag)
        if (!btrfs_verify_csum(pr, bfs))
                return 1;
 
+       /* Invalid sector size; total_bytes would be bogus. */
+       if (!le32_to_cpu(bfs->sectorsize))
+               return 1;
+
        if (*bfs->label)
                blkid_probe_set_label(pr,
                                (unsigned char *) bfs->label,