From 4e55759f50305eac0b1a398dd2c31dad188d173a Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Wed, 12 Oct 2022 23:02:27 +0200
Subject: [PATCH] libblkid: erofs - avoid undefined shift

Erofs probe can use undefined shift if blkszbits
is a bogus value. Avoid this by limiting shift size.

Reproducer found with OSS-Fuzz (issue 52298) running over
cryptsetup project (blkid is used in header init).

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 libblkid/src/superblocks/erofs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libblkid/src/superblocks/erofs.c b/libblkid/src/superblocks/erofs.c
index 559ce63c14..452bb8d3bd 100644
--- a/libblkid/src/superblocks/erofs.c
+++ b/libblkid/src/superblocks/erofs.c
@@ -73,7 +73,7 @@ static int probe_erofs(blkid_probe pr, const struct blkid_idmag *mag)
 		return errno ? -errno : BLKID_PROBE_NONE;
 
 	/* EROFS is restricted to 4KiB block size */
-	if ((1U << sb->blkszbits) > 4096)
+	if (sb->blkszbits > 31 || (1U << sb->blkszbits) > 4096)
 		return BLKID_PROBE_NONE;
 
 	if (!erofs_verify_checksum(pr, mag, sb))
-- 
2.47.3