Hello Allan,

On 14/05/2026 at 20:18:50 +02, Allan ELKAIM <[email protected]> wrote:

> sqfsload fails to load a file through a symlink when the squashfs
> image contains a large number of inodes (e.g. a rootfs that includes
> the tzdata timezone database).
>
> Root cause: sqfs_read_nest() resolves the symlink by calling itself
> recursively without first freeing the parent directory's inode and
> directory table buffers. This causes a temporary double allocation
> that can exhaust the U-Boot heap. When malloc() subsequently fails
> inside sqfs_read_directory_table(), the error goes undetected and
> sqfs_search_dir() is called with a NULL pos_list pointer, leading to:
>
> Error: invalid inode reference to directory table.
> Failed to load '/boot/Image'
>
> Patch 1 fixes the structural problem (temporary double allocation)
> and plugs the silent NULL pointer path in sqfs_read_directory_table().
> Patch 2 adds the missing return-value checks on sqfs_dir_offset() that
> turn any residual lookup failure into a clean error propagation.
>
> Both patches are independent and can be reviewed separately.
>
> The bug was first observed on U-Boot v2024.01 and is still present
> on v2026.04. The patches have been tested on a Raspberry Pi CM4
> running U-Boot v2026.04 (Yocto Scarthgap 5.0.17) with a 325 MB
> squashfs rootfs containing 22 517 inodes. The symlink
> /boot/Image -> Image-6.6.63-v8 now resolves successfully.
>
> This series addresses the bug reported at:
> https://lists.denx.de/pipermail/u-boot/2026-May/618533.html

I haven't looked very deeply but changes look good.

Acked-by: Miquel Raynal <[email protected]>

I am adding Richard in case he wants to have a look.

Thanks,
Miquèl

