We don't validate the 'group' argument, so it's easy to get underflows or crashes here. This resolves issues seen in ureadahead, when it uses an old packfile (with mismatching group indices) with a new filesystem. Signed-off-by: Brian Norris <briannorris@xxxxxxxxxxxx> --- lib/ext2fs/inode.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ext2fs/inode.c b/lib/ext2fs/inode.c index 957d5aa9f9d6..96d854b5fb69 100644 --- a/lib/ext2fs/inode.c +++ b/lib/ext2fs/inode.c @@ -313,6 +313,9 @@ static errcode_t get_next_blockgroup(ext2_inode_scan scan) errcode_t ext2fs_inode_scan_goto_blockgroup(ext2_inode_scan scan, int group) { + if (group <= 0 || group >= scan->fs->group_desc_count) + return EXT2_ET_INVALID_ARGUMENT; + scan->current_group = group - 1; scan->groups_left = scan->fs->group_desc_count - group; scan->bad_block_ptr = 0; -- 2.43.0.rc2.451.g8631bc7472-goog
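Review bot: the new `group <= 0` test at the top of ext2fs_inode_scan_goto_blockgroup() rejects group 0 as well as negative values, and neither the hunk nor the commit message says that 0 was never a valid argument. The unchanged line `scan->current_group = group - 1;` shows why 0 is a problem for that assignment, but any existing caller that passes 0 will now get EXT2_ET_INVALID_ARGUMENT, so please confirm the callers and document the accepted range (1 through group_desc_count - 1) in a comment above the function. A smaller point on the same condition: `group >= scan->fs->group_desc_count` compares the int parameter against the count, and if that field is an unsigned type the comparison is only well-behaved because the `group <= 0` test runs first. Keep that ordering, or add an explicit cast so the intent survives later edits.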