1 Patch for https://github.com/relan/exfat/issues/5
3 https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
4 Index: exfat-utils/libexfat/mount.c
5 ===================================================================
6 --- exfat-utils.orig/libexfat/mount.c
7 +++ exfat-utils/libexfat/mount.c
8 @@ -172,6 +172,24 @@ int exfat_mount(struct exfat* ef, const
9 exfat_error("exFAT file system is not found");
12 + /* sector cannot be smaller than 512 bytes */
13 + if (ef->sb->sector_bits < 9)
15 + exfat_close(ef->dev);
16 + exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
20 + /* officially exFAT supports cluster size up to 32 MB */
21 + if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
23 + exfat_close(ef->dev);
24 + exfat_error("too big cluster size: 2^(%hhd+%hhd)",
25 + ef->sb->sector_bits, ef->sb->spc_bits);
30 if (ef->sb->version.major != 1 || ef->sb->version.minor != 0)
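Review bot: Both new error messages print `sector_bits` and `spc_bits` with `%hhd`, while the unchanged `fat_count` message further down in `exfat_mount` uses `%hhu`. The field declarations are not in this hunk, but if they are unsigned 8-bit values read from disk, anything above 127 in a corrupted superblock would be logged as a negative exponent; `exfat_error("too small sector size: 2^%hhu", ef->sb->sector_bits);` and `"too big cluster size: 2^(%hhu+%hhu)"` would keep the diagnostic accurate. The first comment could also say why these checks sit this early, for example `/* validate on-disk size fields before any sector or cluster size is derived from them */`, so a later reorder does not move them back below code that uses those sizes. The bodies of both `if` blocks are only partly visible here and `exfat_mount` continues outside the hunk, so the cleanup order on the two new error paths could not be checked.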
33 @@ -187,16 +205,6 @@ int exfat_mount(struct exfat* ef, const
34 exfat_error("unsupported FAT count: %hhu", ef->sb->fat_count);
37 - /* officially exFAT supports cluster size up to 32 MB */
38 - if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
40 - exfat_close(ef->dev);
42 - exfat_error("too big cluster size: 2^%d",
43 - (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
47 ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
48 if (ef->zero_cluster == NULL)