Gentwo Git Trees - linux/.git/commit

author	Gao Xiang <hsiangkao@linux.alibaba.com>
	Fri, 17 Oct 2025 07:05:38 +0000 (15:05 +0800)
committer	Gao Xiang <hsiangkao@linux.alibaba.com>
	Tue, 21 Oct 2025 23:54:11 +0000 (07:54 +0800)
commit	e13d315ae077bb7c3c6027cc292401bc0f4ec683
tree	46840f0bd57866bc4d5e2f092bf75cb9ddc6af30	tree \| snapshot
parent	a429b76114aaca3ef1aff4cd469dcf025431bd11	commit \| diff

erofs: avoid infinite loops due to corrupted subpage compact indexes

Robert reported an infinite loop observed by two crafted images.

The root cause is that `clusterofs` can be larger than `lclustersize`
for !NONHEAD `lclusters` in corrupted subpage compact indexes, e.g.:

blocksize = lclustersize = 512 lcn = 6 clusterofs = 515

Move the corresponding check for full compress indexes to
`z_erofs_load_lcluster_from_disk()` to also cover subpage compact
compress indexes.

It also fixes the position of `m->type >= Z_EROFS_LCLUSTER_TYPE_MAX`
check, since it should be placed right after
`z_erofs_load_{compact,full}_lcluster()`.

Fixes: 8d2517aaeea3 ("erofs: fix up compacted indexes for block size < 4096")
Fixes: 1a5223c182fd ("erofs: do sanity check on m->type in z_erofs_load_compact_lcluster()")
Reported-by: Robert Morris <rtm@csail.mit.edu>
Closes: https://lore.kernel.org/r/35167.1760645886@localhost
Reviewed-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>