blob: a212b04b8c76a2ff7375d2a5d005700d1601d509 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <thomas@t-8ch.de>
Date: Thu, 10 Nov 2022 18:35:00 +0100
Subject: [PATCH 25/26] libblkid: ntfs: avoid UB in signed shift
Fix OSS-Fuzz issue 53142 ( #1886 )
Fix OSS-Fuzz issue 53160 ( #1888 )
---
libblkid/src/superblocks/ntfs.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libblkid/src/superblocks/ntfs.c b/libblkid/src/superblocks/ntfs.c
index dced699..217e7e8 100644
--- a/libblkid/src/superblocks/ntfs.c
+++ b/libblkid/src/superblocks/ntfs.c
@@ -135,11 +135,15 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_
}
}
- if (ns->clusters_per_mft_record > 0)
+ if (ns->clusters_per_mft_record > 0) {
mft_record_size = ns->clusters_per_mft_record *
sectors_per_cluster * sector_size;
- else
- mft_record_size = 1 << (0 - ns->clusters_per_mft_record);
+ } else {
+ int8_t mft_record_size_shift = 0 - ns->clusters_per_mft_record;
+ if (mft_record_size_shift < 0 || mft_record_size_shift >= 31)
+ return 1;
+ mft_record_size = 1 << mft_record_size_shift;
+ }
nr_clusters = le64_to_cpu(ns->number_of_sectors) / sectors_per_cluster;
|
