--- /dev/null
+Patch for https://github.com/relan/exfat/issues/5
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -208,6 +208,23 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("exFAT file system is not found");
+ return -EIO;
+ }
++ /* sector cannot be smaller than 512 bytes */
++ if (ef->sb->sector_bits < 9)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++ /* officially exFAT supports cluster size up to 32 MB */
++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too big cluster size: 2^(%hhd+%hhd)",
++ ef->sb->sector_bits, ef->sb->spc_bits);
++ free(ef->sb);
++ return -EIO;
++ }
+ ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
+ if (ef->zero_cluster == NULL)
+ {
+@@ -242,16 +259,6 @@ int exfat_mount(struct exfat* ef, const
+ free(ef->sb);
+ return -EIO;
+ }
+- /* officially exFAT supports cluster size up to 32 MB */
+- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+- {
+- free(ef->zero_cluster);
+- exfat_close(ef->dev);
+- exfat_error("too big cluster size: 2^%d",
+- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
+- free(ef->sb);
+- return -EIO;
+- }
+ if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
+ exfat_get_size(ef->dev))
+ {
projects / sven / exfat-utils.git / blobdiff