[PATCH 4/4] fs: prevent integer overflow in ext4fs_get_bgdtable
Timo tp Preißl
t.preissl at proton.me
Mon Dec 29 20:44:36 CET 2025
An integer overflow in gdsize_total calculation could lead
to under-allocation and heap buffer overflow.
Signed-off-by: Timo tp Preißl <t.preissl at proton.me>
---
fs/ext4/ext4_write.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/ext4_write.c b/fs/ext4/ext4_write.c
index 5b290f0d80d..b826a8807c5 100644
--- a/fs/ext4/ext4_write.c
+++ b/fs/ext4/ext4_write.c
@@ -108,7 +108,12 @@ int ext4fs_get_bgdtable(void)
{
int status;
struct ext_filesystem *fs = get_fs();
- int gdsize_total = ROUND(fs->no_blkgrp * fs->gdsize, fs->blksz);
+ size_t alloc;
+
+ if (__builtin_mul_overflow(fs->no_blkgrp, fs->gdsize, &alloc))
+ return -1;
+
+ size_t gdsize_total = ROUND(alloc, fs->blksz);
fs->no_blk_pergdt = gdsize_total / fs->blksz;
/* allocate memory for gdtable */
--
2.43.0
More information about the U-Boot
mailing list