staging: erofs: avoid endless loop of invalid lookback distance 0

As reported by erofs-utils fuzzer, Lookback distance should be a positive number, so it should be actually looked back rather than spinning. Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter") Cc: <stable@vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-7-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Gao Xiang <gaoxiang25@huawei.com> 2019-08-19 18:34:26 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-08-21 05:44:07 -0700
commit: 598bb8913d015150b7734b55443c0e53e7189fc7 (patch)
tree: 1dde1ef92aad42f83ee7b196086aa8672815d4e0 /drivers/staging
parent: 138e1a0990e80db486ab9f6c06bd5c01f9a97999 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/staging/erofs/zmap.c b/drivers/staging/erofs/zmap.c
index 7408e86823a4..774dacbc5b32 100644
--- a/drivers/staging/erofs/zmap.c
+++ b/drivers/staging/erofs/zmap.c
@@ -350,6 +350,12 @@ static int vle_extent_lookback(struct z_erofs_maprecorder *m,
 
 	switch (m->type) {
 	case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD:
+		if (unlikely(!m->delta[0])) {
+			errln("invalid lookback distance 0 at nid %llu",
+			      vi->nid);
+			DBG_BUGON(1);
+			return -EFSCORRUPTED;
+		}
 		return vle_extent_lookback(m, m->delta[0]);
 	case Z_EROFS_VLE_CLUSTER_TYPE_PLAIN:
 		map->m_flags &= ~EROFS_MAP_ZIPPED;
author	Gao Xiang <gaoxiang25@huawei.com>	2019-08-19 18:34:26 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-08-21 05:44:07 -0700
commit	598bb8913d015150b7734b55443c0e53e7189fc7 (patch)
tree	1dde1ef92aad42f83ee7b196086aa8672815d4e0 /drivers/staging
parent	138e1a0990e80db486ab9f6c06bd5c01f9a97999 (diff)