[PATCH v3 4/4] fs: prevent integer overflow in ext4fs_get_bgdtable

Timo tp Preißl t.preissl at proton.me
Fri Jan 9 12:25:07 CET 2026


An integer overflow in gdsize_total calculation could lead
to under-allocation and heap buffer overflow.

Signed-off-by: Timo tp Preißl <t.preissl at proton.me>
Reviewed-by: Simon Glass <simon.glass at canonical.com>
---
 fs/ext4/ext4_write.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/ext4_write.c b/fs/ext4/ext4_write.c
index 5b290f0d80d..1483e9955c0 100644
--- a/fs/ext4/ext4_write.c
+++ b/fs/ext4/ext4_write.c
@@ -108,7 +108,13 @@ int ext4fs_get_bgdtable(void)
 {
 	int status;
 	struct ext_filesystem *fs = get_fs();
-	int gdsize_total = ROUND(fs->no_blkgrp * fs->gdsize, fs->blksz);
+	size_t alloc;
+	size_t gdsize_total;
+
+	if (__builtin_mul_overflow(fs->no_blkgrp, fs->gdsize, &alloc))
+		return -1;
+
+	gdsize_total = ROUND(alloc, fs->blksz);
 	fs->no_blk_pergdt = gdsize_total / fs->blksz;
 
 	/* allocate memory for gdtable */
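Review bot: The round-up at `gdsize_total = ROUND(alloc, fs->blksz);` is still unchecked. Assuming ROUND rounds up to a multiple of fs->blksz, as the division on the next line suggests, an alloc within fs->blksz of SIZE_MAX passes the __builtin_mul_overflow test and then wraps to a small gdsize_total, which is the same under-allocation the commit message describes. Reject that case before rounding, for example with `if (alloc > SIZE_MAX - fs->blksz) return -1;`, or do the addition through __builtin_add_overflow. Two smaller points: the check is made against size_t, so on a build where size_t is wider than both operands it can never fire, and a short comment saying which configurations the guard protects (or an explicit upper bound on fs->no_blkgrp) would make the intent clear; and since gdsize_total changes from int to size_t, the uses below this hunk should be checked for comparisons or arguments that still expect an int. The bare `return -1` also gives the caller no indication that the on-disk values were rejected, so a log message there would help.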
-- 
2.43.0



