From 80e1504f2ce33c9ebc5045009c7bcde9315526c0 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Sat, 6 Aug 2022 02:21:49 -0400
Subject: [PATCH] libext2fs: teach ext2fs_open() to reject file systems with an invalid flex_bg size

If s_log_groups_per_flex is greater than 31, it will result in an UBSAN error, since it will result in an invalid shift exponent when calculating the flex_bg size. So reject such file systems when they are opened. (The mke2fs program will not allow the creation of such file systems, so they can only occur due to corruption.)

Signed-off-by: Theodore Ts'o
---
 lib/ext2fs/openfs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index 05839ad..bda8274 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -299,7 +299,8 @@ retry:
 (unsigned) (EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE)) ||
 (fs->super->s_log_cluster_size >
 (unsigned) (EXT2_MAX_CLUSTER_LOG_SIZE - EXT2_MIN_CLUSTER_LOG_SIZE)) ||
- (fs->super->s_log_block_size > fs->super->s_log_cluster_size)) {
+ (fs->super->s_log_block_size > fs->super->s_log_cluster_size) ||
+ (fs->super->s_log_groups_per_flex > 31)) {
 retval = EXT2_ET_CORRUPT_SUPERBLOCK;
 goto cleanup;
 }
-- 
1.8.3.1
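Review bot: The added bound `(fs->super->s_log_groups_per_flex > 31)` still accepts an exponent of exactly 31, and the hunk does not show how the flex_bg size is derived from it. If any consumer computes it with a signed operand (`1 << fs->super->s_log_groups_per_flex`), a shift by 31 is still not representable in a 32-bit `int` and would presumably be reported by the same sanitizer, so the shift sites should be confirmed to use `1U << ...` before this check is treated as sufficient. The bare literal would also be easier to audit with a comment on the new line, for example `/* exponent must be smaller than the 32-bit width used for the flex_bg size */`. The `if` condition being extended starts above the hunk, so the full set of superblock sanity checks is not visible here.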