1 Patch for https://github.com/relan/exfat/issues/5
3 https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
4 Index: exfat-utils/libexfat/mount.c
5 ===================================================================
6 --- exfat-utils.orig/libexfat/mount.c
7 +++ exfat-utils/libexfat/mount.c
8 @@ -208,6 +208,23 @@ int exfat_mount(struct exfat* ef, const
9 exfat_error("exFAT file system is not found");
12 + /* sector cannot be smaller than 512 bytes */
13 + if (ef->sb->sector_bits < 9)
15 + exfat_close(ef->dev);
16 + exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
20 + /* officially exFAT supports cluster size up to 32 MB */
21 + if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
23 + exfat_close(ef->dev);
24 + exfat_error("too big cluster size: 2^(%hhd+%hhd)",
25 + ef->sb->sector_bits, ef->sb->spc_bits);
29 ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
30 if (ef->zero_cluster == NULL)
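Review bot: Nothing in the added checks caps `sector_bits` on its own: the first guard only rejects values below 9 and the second only bounds the sum with `spc_bits`, so a superblock with `sector_bits` = 25 and `spc_bits` = 0 passes both before `malloc(CLUSTER_SIZE(*ef->sb))`. The exFAT specification limits the sector shift to 9..12, so a third guard `if (ef->sb->sector_bits > 12)`, with the same cleanup as the guard above it, would reject such images before any sector-sized arithmetic. In the "too big cluster size" message, `%hhd` prints the fields as signed char; if they are unsigned 8-bit (the struct is not shown here), `%hhu` would report values above 127 correctly, which is exactly the malformed input this message exists for. The braces and return paths of both guards are not visible on this page, and `exfat_mount` starts before and ends after the hunk, so whether `ef->sb` is released on these early exits should be confirmed against the full file.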
32 @@ -242,16 +259,6 @@ int exfat_mount(struct exfat* ef, const
36 - /* officially exFAT supports cluster size up to 32 MB */
37 - if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
39 - free(ef->zero_cluster);
40 - exfat_close(ef->dev);
41 - exfat_error("too big cluster size: 2^%d",
42 - (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
46 if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
47 exfat_get_size(ef->dev))