`vi->u.chunkbits` could exceed 32, e.g., 43 (12 + 31), which causes the result of 1UL << vi->u.chunkbits to be truncated, returning 2048.
Reported-by: Colin Walters <[email protected]> Closes: https://lore.kernel.org/r/[email protected] Fixes: 401ca0769e20 ("erofs-utils: fuse: support reading chunk-based uncompressed files") Signed-off-by: Gao Xiang <[email protected]> --- I think it should be fixed on the kernel side too, yet I rarely look after 32-bit platforms due to lack of test environments. On 64-bit platforms, it shouldn't be an issue since `vi->u.chunkbits` should never be larger than 64. lib/data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/data.c b/lib/data.c index dd33d9e..f4ce8c8 100644 --- a/lib/data.c +++ b/lib/data.c @@ -66,7 +66,7 @@ int __erofs_map_blocks(struct erofs_inode *inode, idx = (void *)buf + erofs_blkoff(sbi, pos); map->m_la = chunknr << vi->u.chunkbits; - map->m_llen = min_t(erofs_off_t, 1UL << vi->u.chunkbits, + map->m_llen = min_t(erofs_off_t, 1ULL << vi->u.chunkbits, round_up(inode->i_size - map->m_la, blksz)); if (vi->u.chunkformat & EROFS_CHUNK_FORMAT_INDEXES) { addrmask = (vi->u.chunkformat & EROFS_CHUNK_FORMAT_48BIT) ? -- 2.43.5
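Review bot: the new `1ULL << vi->u.chunkbits` in the `min_t()` line is only defined for shift counts below 64, and nothing visible in this hunk bounds `vi->u.chunkbits` before the shift. Since the value comes from the on-disk image, a check that rejects `chunkbits >= 64` where the inode is read would turn a crafted image into a clean error rather than undefined behaviour. The unchanged context line `map->m_la = chunknr << vi->u.chunkbits;` does the same shift one line earlier, so it is worth confirming that `chunknr` is a 64-bit type on 32-bit builds; if it is not, `m_la` is truncated the same way `m_llen` was, and the `round_up(inode->i_size - map->m_la, blksz)` bound is computed from the wrong offset. A short comment on the changed line saying why the constant must be 64-bit would help keep it from being narrowed again later.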
