erofs: Reject obviously bogus non-inline file sizes

This avoids us trying to malloc() something ridiculous. Signed-off-by: Colin Walters <[email protected]>
cgwalters · Sep 10, 2024 · 31c43f9 · 31c43f9
1 parent 114c2d5
commit 31c43f9
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/libcomposefs/lcfs-writer-erofs.c b/libcomposefs/lcfs-writer-erofs.c
@@ -1818,6 +1818,12 @@ static struct lcfs_node_s *lcfs_build_node_from_image(struct lcfs_image_data *da
 		// Filter only applies to toplevel
 		assert(filter == NULL);
 
+		// Reject obviously bogus file sizes
+		if (file_size > data->erofs_data_size) {
+			errno = EINVAL;
+			return NULL;
+		}
+
 		content = malloc(file_size);
 		if (content == NULL) {
 			errno = ENOMEM;