On Thu, Apr 25, 2024 at 09:44:33PM +0900, Jeongjun Park wrote:
> Through direct testing and debugging, I've determined that this
> vulnerability occurs when mounting an incorrect image, leading to
> the potential passing of an excessively large value to
> 'sbi->bmap->db_agl2size'. Importantly, there have been no instances
> of memory corruption observed within 'sbi->bmap->db_agl2size'.
>
> Therefore, I think implementing a patch that terminates the
> function in cases where an invalid value is detected would be appropriate.

If that's the problem then the correct place to detect & reject this is during mount, not at inode free time.
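To illustrate the point made in the reply (reject an out-of-range on-disk field once at mount, so later paths such as inode free can trust it), here is an added, stand-alone C example; it is not JFS code and not part of this thread. The `struct bmap_disk` layout, the meaning of `db_mapsize`, and the bound `MAX_AGL2SIZE` are assumptions chosen so that a 64-bit shift cannot overflow.

```c
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

/* Constructed stand-in for the on-disk block-map header (assumed layout, not the JFS struct). */
struct bmap_disk {
    uint32_t db_agl2size;  /* log2 of the allocation-group size, read from the image */
    uint64_t db_mapsize;   /* assumed: number of blocks the map covers */
};

/* Assumed bound: a shift of 63 or more on a 64-bit block count is undefined or overflows. */
#define MAX_AGL2SIZE 62

/* Mount-time validation: runs once, before any code path uses the field. */
int bmap_validate_on_mount(const struct bmap_disk *bm)
{
    if (bm->db_agl2size > MAX_AGL2SIZE)
        return -EINVAL;                      /* shift amount itself is out of range */
    if (((uint64_t)1 << bm->db_agl2size) > bm->db_mapsize)
        return -EINVAL;                      /* one AG larger than the whole map: untrusted image */
    return 0;
}

/* Later consumer (e.g. the inode-free path): relies on the mount-time check, adds no recheck. */
uint64_t block_to_ag(const struct bmap_disk *bm, uint64_t blkno)
{
    return blkno >> bm->db_agl2size;
}

/* Constructed images for demonstration: one with an absurd shift, one that is sane. */
int example_reject_oversized_shift(void)
{
    struct bmap_disk bad = { .db_agl2size = 200, .db_mapsize = 1u << 20 };
    return bmap_validate_on_mount(&bad);     /* returns -EINVAL */
}

int example_accept_sane_image(void)
{
    struct bmap_disk ok = { .db_agl2size = 10, .db_mapsize = 1u << 20 };
    return bmap_validate_on_mount(&ok);      /* returns 0 */
}

int main(void)
{
    printf("oversized shift: %d\n", example_reject_oversized_shift());
    printf("sane image:      %d\n", example_accept_sane_image());
    return 0;
}
```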