mirrors/u-boot
1
0
Fork 0
mirror of https://source.denx.de/u-boot/u-boot.git synced 2026-02-26 18:41:46 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
u-boot/fs
History
Eric Kilmer e365a269df fs/squashfs: fix heap buffer overflow in sqfs_frag_lookup() 
sqfs_frag_lookup() reads a 16-bit metadata block header whose lower
15 bits encode the data size. Unlike sqfs_read_metablock() in
sqfs_inode.c, this function does not validate that the decoded size is
within SQFS_METADATA_BLOCK_SIZE (8192). A malformed SquashFS image can
set the size field to any value up to 32767, causing memcpy to write
past the 8192-byte 'entries' heap buffer.

Add the same bounds check used by sqfs_read_metablock(): reject any
metadata block header with SQFS_METADATA_SIZE(header) exceeding
SQFS_METADATA_BLOCK_SIZE.

Found by fuzzing with libFuzzer + AddressSanitizer.

Signed-off-by: Eric Kilmer <eric.kilmer@trailofbits.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
2026-02-23 12:45:50 -06:00
..
btrfs
fs: btrfs: Do not free multi when guaranteed to be NULL
2025-07-15 09:55:37 -06:00
cbfs
Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"
2024-05-20 13:35:03 -06:00
cramfs
fs/cramfs: use schedule instead of cyclic_run as callback
2024-10-23 06:52:38 +02:00
erofs
fs/erofs: Fix realloc error handling
2025-12-05 16:23:54 -06:00
exfat
fs: exfat: Remove unused label code
2025-07-24 13:30:20 -06:00
ext4
Merge patch series "fix integer overflows in filesystem code"
2026-01-16 13:04:47 -06:00
fat
fs: fat: Perform sanity checks on getsize in get_fatent()
2025-12-12 08:52:57 -06:00
jffs2
fs/jffs2: Make depend on !64BIT
2025-12-10 11:59:38 -06:00
sandbox
global: Rename SPL_TPL_ to PHASE_
2024-10-11 11:44:48 -06:00
squashfs
fs/squashfs: fix heap buffer overflow in sqfs_frag_lookup()
2026-02-23 12:45:50 -06:00
ubifs
fs: ubifs: Fix and rework error handling in ubifs_finddir
2025-10-08 11:36:05 +02:00
zfs
fs: prevent integer overflow in zfs_nvlist_lookup
2026-01-16 13:04:40 -06:00
fs_internal.c
fs: fs_devread should log error when read outside partition
2025-05-23 10:42:31 -06:00
fs.c
fs: prevent integer overflow in fs.c do_mv
2026-01-16 13:04:40 -06:00
Kconfig
fs: exfat: Add U-Boot porting layer
2025-04-02 20:00:59 -06:00
Makefile
fs: exfat: Add U-Boot porting layer
2025-04-02 20:00:59 -06:00
semihostingfs.c
fs: semihosting: Use correct variable for error check
2025-10-17 18:07:20 -06:00