
16 Aug 2024, 5:47 a.m.
On Fri, 02 Aug 2024 18:36:44 +0200, Richard Weinberger wrote:
A carefully crafted squashfs filesystem can exhibit an inode size of 0xffffffff; as a consequence, malloc() will do a zero allocation. Later in the function the inode size is again used for copying data. So an attacker can overwrite memory. Avoid the overflow by using the __builtin_add_overflow() helper.
[...]
Applied to u-boot/next, thanks!
--
Tom
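
The size check described in the quoted commit message, as an added example that is not the U-Boot patch itself: an unchecked 32-bit length computation beside one guarded with __builtin_add_overflow(). Assumptions: the allocation is "on-disk size + 1" for a NUL terminator, and the function names, the `avail` bound and the sample data are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked form: 32-bit arithmetic wraps, so 0xffffffff + 1 yields 0. */
static uint32_t alloc_len_unchecked(uint32_t on_disk_size)
{
    return on_disk_size + 1u;
}

/* Checked form: returns 0 and stores the length, or -1 if the sum wraps. */
static int alloc_len_checked(uint32_t on_disk_size, uint32_t *out)
{
    return __builtin_add_overflow(on_disk_size, 1u, out) ? -1 : 0;
}

/*
 * Hypothetical reader for a length-prefixed on-disk string. It rejects a
 * size that would wrap the allocation, and (an extra assumption, not from
 * the page) a size larger than the bytes actually available in the source.
 */
static char *copy_target(const uint8_t *data, size_t avail, uint32_t on_disk_size)
{
    uint32_t len;
    char *buf;

    if (alloc_len_checked(on_disk_size, &len))
        return NULL;                 /* size + 1 does not fit in 32 bits */
    if (on_disk_size > avail)
        return NULL;                 /* claimed size exceeds source data */
    buf = malloc(len);
    if (!buf)
        return NULL;
    memcpy(buf, data, on_disk_size);
    buf[on_disk_size] = '\0';
    return buf;
}

int main(void)
{
    const uint8_t sample[] = "target";   /* constructed sample data */
    char *ok = copy_target(sample, 6, 6);
    char *bad = copy_target(sample, 6, 0xffffffffu);

    printf("unchecked length for 0xffffffff: %u\n",
           (unsigned)alloc_len_unchecked(0xffffffffu));
    printf("valid size: %s, crafted size: %s\n",
           ok ? ok : "(rejected)", bad ? bad : "(rejected)");
    free(ok);
    return 0;
}
```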