[PATCH v2 1/4] squashfs: Fix integer overflow in sqfs_resolve_symlink()

Tom Rini trini at konsulko.com
Fri Aug 16 05:47:26 CEST 2024


On Fri, 02 Aug 2024 18:36:44 +0200, Richard Weinberger wrote:

> A carefully crafted squashfs filesystem can exhibit an inode size of 0xffffffff,
> as a consequence malloc() will do a zero allocation.
> Later in the function the inode size is again used for copying data.
> So an attacker can overwrite memory.
> Avoid the overflow by using the __builtin_add_overflow() helper.
> 
> 
> [...]

Applied to u-boot/next, thanks!

-- 
Tom
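
The size wrap described in the quoted commit message, as an added example that is not part of the original mail and is not U-Boot code: a stand-alone C model of a 32-bit size that wraps to a zero-byte allocation, next to the same computation guarded with __builtin_add_overflow(). All function names are hypothetical, and the "+ 1" for a terminator byte is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: 32-bit size plus one terminator byte (the +1 is an
 * assumption of this example). 0xffffffff + 1 wraps to 0. */
static uint32_t alloc_len_unchecked(uint32_t symlink_size)
{
	return symlink_size + 1;
}

/* Checked pattern: 0 on success with *out set, -1 if the sum wraps. */
static int alloc_len_checked(uint32_t symlink_size, uint32_t *out)
{
	if (__builtin_add_overflow(symlink_size, 1u, out))
		return -1;
	return 0;
}

/* Hypothetical helper: copy a symlink target of symlink_size bytes into a
 * new NUL-terminated buffer. The caller must guarantee that src really
 * holds symlink_size bytes. Returns NULL on a wrapping size or on OOM. */
static char *copy_symlink_target(const char *src, uint32_t symlink_size)
{
	uint32_t len;
	char *buf;

	if (alloc_len_checked(symlink_size, &len))
		return NULL;	/* reject before allocating or copying */
	buf = malloc(len);
	if (!buf)
		return NULL;
	memcpy(buf, src, symlink_size);
	buf[symlink_size] = '\0';
	return buf;
}

int main(void)
{
	char *ok = copy_symlink_target("abc", 3);	/* constructed input */

	printf("unchecked length for 0xffffffff: %u\n",
	       (unsigned)alloc_len_unchecked(0xffffffffu));
	printf("checked copy of 0xffffffff: %s\n",
	       copy_symlink_target("abc", 0xffffffffu) ? "accepted" : "rejected");
	printf("checked copy of 3 bytes: %s\n", ok ? ok : "(null)");
	free(ok);
	return 0;
}
```
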



