From: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx> [ Upstream commit b1b65750b8db67834482f758fc385bfa7560d228 ] If FAT length == 0, the image doesn't have any data. And it can be the cause of overlapping the root dir and FAT entries. Also Windows treats it as invalid format. Reported-by: syzbot+6f1624f937d9d6911e2d@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Cc: Marco Elver <elver@xxxxxxxxxx> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> Link: http://lkml.kernel.org/r/87r1wz8mrd.fsf@xxxxxxxxxxxxxxxxxx Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- fs/fat/inode.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/fat/inode.c b/fs/fat/inode.c index 70d37a5fd72c..607e1d124062 100644 --- a/fs/fat/inode.c +++ b/fs/fat/inode.c @@ -1519,6 +1519,12 @@ static int fat_read_bpb(struct super_block *sb, struct fat_boot_sector *b, goto out; } + if (bpb->fat_fat_length == 0 && bpb->fat32_length == 0) { + if (!silent) + fat_msg(sb, KERN_ERR, "bogus number of FAT sectors"); + goto out; + } + error = 0; out: -- 2.25.1