From: Milan Broz Date: Mon, 10 Oct 2022 06:29:22 +0000 (+0200) Subject: libblkid: btrfs - avoid calling clz with zero argument X-Git-Tag: v2.39-rc1~493 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a40629211df83088fb2da3300921dbe3da59be48;p=thirdparty%2Futil-linux.git libblkid: btrfs - avoid calling clz with zero argument If btrfs superblock contains unknown checksum type, the values are parsed anyway. Bogus sector size then can lead to clz() with zero argument (this is undefined). Reproducer found with OSS-Fuzz (issue 52286) running over cryptsetup project (blkid is used in header init). --- diff --git a/libblkid/src/superblocks/btrfs.c b/libblkid/src/superblocks/btrfs.c index 2493418086..4a5f761741 100644 --- a/libblkid/src/superblocks/btrfs.c +++ b/libblkid/src/superblocks/btrfs.c @@ -252,6 +252,10 @@ static int probe_btrfs(blkid_probe pr, const struct blkid_idmag *mag) if (!btrfs_verify_csum(pr, bfs)) return 1; + /* Invalid sector size; total_bytes would be bogus. */ + if (!le32_to_cpu(bfs->sectorsize)) + return 1; + if (*bfs->label) blkid_probe_set_label(pr, (unsigned char *) bfs->label,
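Review bot: the new check in probe_btrfs() only rejects a sectorsize of exactly zero, while its comment speaks of an "invalid sector size" in general. The commit message says a superblock with an unknown checksum type is still parsed, so any other bogus value (for example one that is not a power of two) still passes `if (!le32_to_cpu(bfs->sectorsize))` and reaches the total_bytes calculation. Either narrow the comment to say that only zero is rejected because it would hit clz(0), or tighten the test to also require a power of two. It is also worth considering whether an unknown checksum type should make btrfs_verify_csum() fail, which would address the cause the commit message describes rather than this one symptom.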