Hi Richard,

[email protected] wrote on Fri, 12 Jul 2024 10:23:41 +0200:

> A carefully crafted squashfs filesystem can exhibit an inode size of 0xffffffff,
> as a consequence malloc() will do a zero allocation.
> Later in the function the inode size is again used for copying data.
> So an attacker can overwrite memory.
> Avoid the overflow by using the __builtin_add_overflow() helper.
>
> Signed-off-by: Richard Weinberger <[email protected]>

Good catch.

Reviewed-by: Miquel Raynal <[email protected]>

Thanks,
Miquèl
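The wrap-to-zero allocation and the checked addition described in the quoted commit message, as an added example that is not part of this thread and not the patch under review. It assumes the allocation length is the 32-bit inode size plus one terminator byte; all function names are hypothetical and the sample data is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked form: 32-bit arithmetic wraps, so 0xffffffff + 1 becomes 0
 * and malloc() is asked for zero bytes. The "+ 1" is an assumption. */
static uint32_t unchecked_alloc_len(uint32_t inode_size)
{
	return inode_size + 1u;
}

/* Checked form: report failure when the sum does not fit in 32 bits. */
static bool checked_alloc_len(uint32_t inode_size, uint32_t *len)
{
	return !__builtin_add_overflow(inode_size, 1, len);
}

/* Hypothetical helper: copy inode_size bytes into a fresh NUL-terminated
 * buffer. Rejects a size that overflows the allocation length or that
 * exceeds the bytes actually available in the source (src_avail). */
static char *copy_inode_data(const uint8_t *src, size_t src_avail,
			     uint32_t inode_size)
{
	uint32_t len;
	char *buf;

	if (!checked_alloc_len(inode_size, &len) || inode_size > src_avail)
		return NULL;
	buf = malloc(len);
	if (!buf)
		return NULL;
	memcpy(buf, src, inode_size);
	buf[inode_size] = '\0';
	return buf;
}

int main(void)
{
	const uint8_t data[] = "target";	/* constructed sample payload */
	char *ok = copy_inode_data(data, 6, 6);
	char *bad = copy_inode_data(data, 6, 0xffffffffu);

	printf("unchecked length for 0xffffffff: %u\n",
	       (unsigned)unchecked_alloc_len(0xffffffffu));
	printf("valid inode: %s, crafted inode: %s\n",
	       ok ? ok : "(rejected)", bad ? bad : "(rejected)");
	free(ok);
	free(bad);
	return 0;
}
```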

