author | Theodore Ts'o <tytso@mit.edu> | 2022-08-13 16:39:17 -0400 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2022-08-13 16:39:17 -0400 |
commit | 28dce1ed0e7ff6cb89024d754570b954c329f2f6 (patch) | |
tree | 0d07167cc6fd240feaa2a993051157e0c9478247 | |
parent | 18ebcf26f478702cd09dd4229320d449469f1490 (diff) | |
download | e2fsprogs-28dce1ed0e7ff6cb89024d754570b954c329f2f6.tar.gz |
libext2fs: avoid looping forever in e2image when superblock is invalid

If the number of blocks or inodes per block group is not a multiple of
8 (which are invalid values) ext2fs_image_bitmap{read,write} can loop
forever. These file systems should not be allowed to be opened
(without EXT2_FLAG_IGNORE_SB_ERRORS) but for the fact that a long time
ago, Android devices used a buggy (but BSD-licensed, which was what
was important to the early Android founders) program for creating file
systems which would create these invalid file systems. E2fsck
couldn't actually correctly repair these file systems, but adding a
check to enforce this (in e2fsprogs and in the kernel) would have
broken some of these devices, so support for these bogus file systems
was in a grey area for many years.

We will be tightening this up soon, but for now, we'll apply this
quick fix so attempts to use e2image won't hang forever. (Not that
Android ever shipped e2image in those days, of course...)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-rw-r--r-- | lib/ext2fs/imager.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ext2fs/imager.c b/lib/ext2fs/imager.c index 6f8582a88..23290a6a2 100644 --- a/lib/ext2fs/imager.c +++ b/lib/ext2fs/imager.c @@ -372,6 +372,8 @@ errcode_t ext2fs_image_bitmap_write(ext2_filsys fs, int fd, int flags) size = sizeof(buf); if (size > (cnt >> 3)) size = (cnt >> 3); + if (size == 0) + break; retval = ext2fs_get_generic_bmap_range(bmap, itr, size << 3, buf); @@ -447,6 +449,8 @@ errcode_t ext2fs_image_bitmap_read(ext2_filsys fs, int fd, int flags) size = sizeof(buf); if (size > (cnt >> 3)) size = (cnt >> 3); + if (size == 0) + break; actual = read(fd, buf, size); if (actual == -1) |
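Review bot: In ext2fs_image_bitmap_write, the new `if (size == 0) break;` leaves the loop while cnt is still nonzero (1 to 7 bits remain whenever cnt is not a multiple of 8), so those trailing bits never reach ext2fs_get_generic_bmap_range, and nothing in the visible lines sets retval to tell the caller that the bitmap written to the image is short. Since the commit message calls these geometries invalid, consider setting retval to an error before the break, or at minimum add a comment above the check stating that it only triggers when blocks or inodes per group is not a multiple of 8 and that the remainder is dropped on purpose.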
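Review bot: In ext2fs_image_bitmap_read, the `if (size == 0) break;` guard just before `actual = read(fd, buf, size);` is an uncommented copy of the one added to ext2fs_image_bitmap_write, and a reader cannot tell from the code that it exists because `cnt >> 3` rounds down to 0 once fewer than 8 bits remain. Add a short comment saying so, and consider whether the read side should report the leftover cnt bits as an error: breaking here leaves them unloaded from the image, and the only failure checked in the visible lines is `actual == -1`.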