From: Yue Hu <huy...@coolpad.com>

As syzbot reported [1], the fragment feature sb flag is not set, so packed_inode != NULL needs to be checked in z_erofs_read_fragment().

[1] https://lore.kernel.org/all/0000000000002e7a8905eb841...@google.com/ Reported-by: syzbot+3faecbfd845a895c0...@syzkaller.appspotmail.com Fixes: 08a0c9ef3e7e ("erofs: support on-disk compressed fragments data") Signed-off-by: Yue Hu <huy...@coolpad.com> --- fs/erofs/zdata.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c index cce56dde135c..310f6916787a 100644 --- a/fs/erofs/zdata.c +++ b/fs/erofs/zdata.c @@ -659,6 +659,9 @@ static int z_erofs_read_fragment(struct inode *inode, erofs_off_t pos, u8 *src, *dst; unsigned int i, cnt; + if (!packed_inode) + return -EFAULT; + pos += EROFS_I(inode)->z_fragmentoff; for (i = 0; i < len; i += cnt) { cnt = min_t(unsigned int, len - i, -- 2.17.1
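
Review bot: The new `if (!packed_inode)` check at the top of z_erofs_read_fragment() returns -EFAULT, but the condition described in the commit message is an on-disk inconsistency: an inode refers to fragment data while the superblock fragment feature flag is unset. -EFSCORRUPTED would describe that more accurately than a bad-address error, and it tells the caller the image itself is malformed. Consider also logging through erofs_err() before returning, so a crafted or damaged image is identifiable from the kernel log rather than only from an errno. Separately, the commit message could say in one sentence what fails without the check (the syzbot report is linked but not summarised), since the link may not outlive the commit.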