1 files changed, 33 insertions, 0 deletions

diff --git a/debian/patches/upstream/0025-libblkid-ntfs-avoid-UB-in-signed-shift.patch b/debian/patches/upstream/0025-libblkid-ntfs-avoid-UB-in-signed-shift.patch
new file mode 100644
index 0000000..a212b04
--- /dev/null
+++ b/debian/patches/upstream/0025-libblkid-ntfs-avoid-UB-in-signed-shift.patch
@@ -0,0 +1,33 @@
+From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Thu, 10 Nov 2022 18:35:00 +0100
+Subject: [PATCH 25/26] libblkid: ntfs: avoid UB in signed shift
+
+Fix OSS-Fuzz issue 53142 ( #1886 )
+Fix OSS-Fuzz issue 53160 ( #1888 )
+---
+ libblkid/src/superblocks/ntfs.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/libblkid/src/superblocks/ntfs.c b/libblkid/src/superblocks/ntfs.c
+index dced699..217e7e8 100644
+--- a/libblkid/src/superblocks/ntfs.c
++++ b/libblkid/src/superblocks/ntfs.c
+@@ -135,11 +135,15 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_
+ 		}
+ 	}
+ 
+-	if (ns->clusters_per_mft_record > 0)
++	if (ns->clusters_per_mft_record > 0) {
+ 		mft_record_size = ns->clusters_per_mft_record *
+ 				  sectors_per_cluster * sector_size;
+-	else
+-		mft_record_size = 1 << (0 - ns->clusters_per_mft_record);
++	} else {
++		int8_t mft_record_size_shift = 0 - ns->clusters_per_mft_record;
++		if (mft_record_size_shift < 0 || mft_record_size_shift >= 31)
++			return 1;
++		mft_record_size = 1 << mft_record_size_shift;
++	}
+ 
+ 	nr_clusters = le64_to_cpu(ns->number_of_sectors) / sectors_per_cluster;
+