1 Patch for https://github.com/relan/exfat/issues/6
3 https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
4 Index: exfat-utils/libexfat/mount.c
5 ===================================================================
6 --- exfat-utils.orig/libexfat/mount.c
7 +++ exfat-utils/libexfat/mount.c
10 static uint64_t rootdir_size(const struct exfat* ef)
12 - uint64_t clusters = 0;
13 + uint32_t clusters = 0;
14 + uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
15 cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
17 - while (!CLUSTER_INVALID(rootdir_cluster))
20 - /* root directory cannot be contiguous because there is no flag
22 - rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
23 + /* Iterate all clusters of the root directory to calculate its size.
24 + It can't be contiguous because there is no flag to indicate this. */
27 + if (clusters == clusters_max) /* infinite loop detected */
29 + exfat_error("root directory cannot occupy all %d clusters",
33 + if (CLUSTER_INVALID(rootdir_cluster))
35 + exfat_error("bad cluster %#x while reading root directory",
39 + rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
42 - return clusters * CLUSTER_SIZE(*ef->sb);
43 + while (rootdir_cluster != EXFAT_CLUSTER_END);
45 + return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
48 static const char* get_option(const char* options, const char* option_name)
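Review bot: The `%d` in `"root directory cannot occupy all %d clusters"` is a signed conversion, while both counters declared at the top of `rootdir_size` (`clusters` and `clusters_max`) are `uint32_t`; the argument line is not shown on this page, but either counter would print as a negative number above `INT_MAX`, so the call should read `exfat_error("root directory cannot occupy all %u clusters",` (or use `PRIu32`). Separately, `clusters_max` is read straight from the on-disk superblock, so the cycle guard is only as tight as `cluster_count`. It is worth confirming that field is range-checked before this function runs, because a corrupted image declaring a very large count would otherwise keep the loop calling `exfat_next_cluster` for a long time before the guard trips. Several lines of the hunk, including whatever follows each `exfat_error` call, are missing from this page, so the error return path could not be checked here.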