fs/btrfs: Fix several fuzz issues with invalid dir item sizing (23c785c3) · Commits · PureOS / Core Packages / Grub

Commit 23c785c3 authored 2 years ago by Darren Kenny Committed by Julian Andres Klode 2 years ago

fs/btrfs: Fix several fuzz issues with invalid dir item sizing


According to the btrfs code in Linux, the structure of a directory item
leaf should be of the form:

  |struct btrfs_dir_item|name|data|

in GRUB the name len and data len are in the grub_btrfs_dir_item
structure's n and m fields respectively.

The combined size of the structure, name and data should be less than
the allocated memory, a difference to the Linux kernel's struct
btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for
where the name is stored, so we adjust for that too.

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

parent 998bd74c

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 26 additions and 0 deletions

Please register or to comment

Admin message

Admin message

fs/btrfs: Fix several fuzz issues with invalid dir item sizing