libext2fs: teach ext2fs_open() to reject file systems with an invalid flex_bg size

If s_log_groups_per_flex is greater than 31, it will result in an
UBSAN error, since it will result in an invalid shift exponent when
calculating the flex_bg size.  So reject such file systems when they
are opened.  (The mke2fs program will not allow the creation of such
file systems, so they can only occur due to corruption.)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index 05839ad..bda8274 100644 (file)
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -299,7 +299,8 @@ retry:
             (unsigned) (EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE)) ||
            (fs->super->s_log_cluster_size >
             (unsigned) (EXT2_MAX_CLUSTER_LOG_SIZE - EXT2_MIN_CLUSTER_LOG_SIZE)) ||
-           (fs->super->s_log_block_size > fs->super->s_log_cluster_size)) {
+           (fs->super->s_log_block_size > fs->super->s_log_cluster_size) ||
+           (fs->super->s_log_groups_per_flex > 31)) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }