From a40629211df83088fb2da3300921dbe3da59be48 Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Mon, 10 Oct 2022 08:29:22 +0200
Subject: [PATCH] libblkid: btrfs - avoid calling clz with zero argument

If btrfs superblock contains unknown checksum type, the values are parsed anyway. Bogus sector size then can lead to clz() with zero argument (this is undefined). Reproducer found with OSS-Fuzz (issue 52286) running over cryptsetup project (blkid is used in header init).
---
 libblkid/src/superblocks/btrfs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libblkid/src/superblocks/btrfs.c b/libblkid/src/superblocks/btrfs.c
index 2493418086..4a5f761741 100644
--- a/libblkid/src/superblocks/btrfs.c
+++ b/libblkid/src/superblocks/btrfs.c
@@ -252,6 +252,10 @@ static int probe_btrfs(blkid_probe pr, const struct blkid_idmag *mag)
 if (!btrfs_verify_csum(pr, bfs))
 return 1;

+ /* Invalid sector size; total_bytes would be bogus. */
+ if (!le32_to_cpu(bfs->sectorsize))
+ return 1;
+
 if (*bfs->label)
 blkid_probe_set_label(pr,
 (unsigned char *) bfs->label,
-- 
2.47.3
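Review bot: The new guard in probe_btrfs rejects only a zero `bfs->sectorsize`, so any other value from a superblock whose checksum type is unknown (which, per the commit message, is parsed anyway) still reaches the size computation; that computation lies outside this hunk. If it derives a shift from clz(), as the message implies, a sector size that is not a power of two would presumably still produce a wrong total without tripping this check. Consider `uint32_t ss = le32_to_cpu(bfs->sectorsize);` followed by `if (!ss || (ss & (ss - 1))) return 1;`. The comment would also help the next reader more if it named the actual hazard, e.g. `/* sectorsize of 0 would reach clz(), which is undefined for a zero argument */`.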