libext2fs: teach ext2fs_open() to reject file systems with an invalid flex_bg size

If s_log_groups_per_flex is greater than 31, it will result in an UBSAN error, since it will result in an invalid shift exponent when calculating the flex_bg size. So reject such file systems when they are opened. (The mke2fs program will not allow the creation of such file systems, so they can only occur due to corruption.) Signed-off-by: Theodore Ts'o <tytso@mit.edu>
author: Theodore Ts'o <tytso@mit.edu> 2022-08-06 02:21:49 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2022-08-06 02:21:49 -0400
commit: 80e1504f2ce33c9ebc5045009c7bcde9315526c0 (patch)
tree: 7482f8e990668ca300035339a061d6bfc000360b
parent: 2a2b9ceb99c226952a96abbcfb95b2540f8b7ecd (diff)
download: e2fsprogs-80e1504f2ce33c9ebc5045009c7bcde9315526c0.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index 05839ad68..bda8274fb 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -299,7 +299,8 @@ retry:
 	     (unsigned) (EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE)) ||
 	    (fs->super->s_log_cluster_size >
 	     (unsigned) (EXT2_MAX_CLUSTER_LOG_SIZE - EXT2_MIN_CLUSTER_LOG_SIZE)) ||
-	    (fs->super->s_log_block_size > fs->super->s_log_cluster_size)) {
+	    (fs->super->s_log_block_size > fs->super->s_log_cluster_size) ||
+	    (fs->super->s_log_groups_per_flex > 31)) {
 		retval = EXT2_ET_CORRUPT_SUPERBLOCK;
 		goto cleanup;
 	}
author	Theodore Ts'o <tytso@mit.edu>	2022-08-06 02:21:49 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2022-08-06 02:21:49 -0400
commit	80e1504f2ce33c9ebc5045009c7bcde9315526c0 (patch)
tree	7482f8e990668ca300035339a061d6bfc000360b
parent	2a2b9ceb99c226952a96abbcfb95b2540f8b7ecd (diff)
download	e2fsprogs-80e1504f2ce33c9ebc5045009c7bcde9315526c0.tar.gz