An integer overflow in the gdsize_total calculation could lead
to under-allocation and a heap buffer overflow.

Signed-off-by: Timo tp Preißl <[email protected]>
---
 fs/ext4/ext4_write.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/ext4_write.c b/fs/ext4/ext4_write.c
index 5b290f0d80d..b826a8807c5 100644
--- a/fs/ext4/ext4_write.c
+++ b/fs/ext4/ext4_write.c
@@ -108,7 +108,12 @@ int ext4fs_get_bgdtable(void)
 {
        int status;
        struct ext_filesystem *fs = get_fs();
-       int gdsize_total = ROUND(fs->no_blkgrp * fs->gdsize, fs->blksz);
+       size_t alloc;
+
+       if (__builtin_mul_overflow(fs->no_blkgrp, fs->gdsize, &alloc))
+               return -1;
+
+       size_t gdsize_total = ROUND(alloc, fs->blksz);
        fs->no_blk_pergdt = gdsize_total / fs->blksz;
 
        /* allocate memory for gdtable */
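Review bot: The added `__builtin_mul_overflow` guard covers only the multiplication, so the rounding in `size_t gdsize_total = ROUND(alloc, fs->blksz);` can still wrap if ROUND adds `fs->blksz - 1` before masking (its definition is not visible in this hunk). A wrapped result would again produce a size that is too small for the allocation that follows. A check placed before the rounding, such as `if (alloc > SIZE_MAX - (fs->blksz - 1)) return -1;`, would close that gap. If `fs->blksz` is a 32-bit field, the mask inside ROUND may also truncate the rounded value on 64-bit builds; this is inferred and should be verified against the macro and the struct. The body of ext4fs_get_bgdtable continues past the hunk, so the later uses of gdsize_total (previously an `int`) and the assignment to `fs->no_blk_pergdt` should be checked against the new `size_t` type.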
-- 
2.43.0

