From eef4dbe0cbd9fe5cbce16e04760d2e6113403cc1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
Date: Sun, 22 Jan 2023 17:40:15 +0000
Subject: [PATCH] libblkid: bcachefs: limit maximum size of read superblock

---
 libblkid/src/superblocks/bcache.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c
index b405480496..b66ed8b196 100644
--- a/libblkid/src/superblocks/bcache.c
+++ b/libblkid/src/superblocks/bcache.c
@@ -106,6 +106,8 @@ struct bcachefs_super_block {
 #define BCACHE_SB_CSUMMED_END 208
 /* granularity of offset and length fields within superblock */
 #define BCACHEFS_SECTOR_SIZE   512
+/* maximum superblock size */
+#define BCACHEFS_SB_MAX_SIZE   4096
 /* fields offset within super block */
 #define BCACHEFS_SB_FIELDS_OFF offsetof(struct bcachefs_super_block, _start)
 /* tag value for members field */
@@ -258,6 +260,9 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag)
 		return BLKID_PROBE_NONE;
 
 	sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs);
+	if (sb_size > BCACHEFS_SB_MAX_SIZE)
+		return BLKID_PROBE_NONE;
+
 	sb = blkid_probe_get_sb_buffer(pr, mag, sb_size);
 	if (!sb)
 		return BLKID_PROBE_NONE;
-- 
2.47.3