From 2a2b9ceb99c226952a96abbcfb95b2540f8b7ecd Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Sat, 6 Aug 2022 01:37:20 -0400
Subject: [PATCH] libext2fs: teach ext2fs_open() to reject file systems with an invalid cluster size

If the cluster size is smaller than the block size, this can result in a negative shift, which is undefined. When such a file system is opened, immediately return an error indicating that the file system is corrupted.

Signed-off-by: Theodore Ts'o
---
 lib/ext2fs/openfs.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index 5ec8ed5..05839ad 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -295,8 +295,11 @@ retry:
 }
 }
- if (fs->super->s_log_block_size >
- (unsigned) (EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE)) {
+ if ((fs->super->s_log_block_size >
+ (unsigned) (EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE)) ||
+ (fs->super->s_log_cluster_size >
+ (unsigned) (EXT2_MAX_CLUSTER_LOG_SIZE - EXT2_MIN_CLUSTER_LOG_SIZE)) ||
+ (fs->super->s_log_block_size > fs->super->s_log_cluster_size)) {
 retval = EXT2_ET_CORRUPT_SUPERBLOCK;
 goto cleanup;
 }
--
1.8.3.1
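Review bot: The widened condition has no comment explaining its third clause, and the reason is recorded only in the commit message: a superblock whose `s_log_cluster_size` is below `s_log_block_size` can lead to a negative shift, which is undefined behaviour driven by values read from an untrusted image. I would add above the `if` something like `/* Superblock fields come from disk: bound both log sizes and require cluster >= block, since a smaller cluster leads to a negative shift. */`. The check does not look at any feature flag, so it is worth confirming that images which do not use clusters always store a cluster log size equal to the block log size; if some do not, they will now fail to open with `EXT2_ET_CORRUPT_SUPERBLOCK`. The diffstat shows only `lib/ext2fs/openfs.c` changed, so a regression image with a cluster size smaller than the block size would be a useful companion to this fix. The enclosing function starts and ends outside the hunk.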