--- /dev/null
+Patch for https://github.com/relan/exfat/issues/5
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -172,6 +172,24 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("exFAT file system is not found");
+ return -EIO;
+ }
++ /* sector cannot be smaller than 512 bytes */
++ if (ef->sb->sector_bits < 9)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++ /* officially exFAT supports cluster size up to 32 MB */
++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too big cluster size: 2^(%hhd+%hhd)",
++ ef->sb->sector_bits, ef->sb->spc_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++
+ if (ef->sb->version.major != 1 || ef->sb->version.minor != 0)
+ {
+ exfat_close(ef->dev);
+@@ -187,16 +205,6 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("unsupported FAT count: %hhu", ef->sb->fat_count);
+ return -EIO;
+ }
+- /* officially exFAT supports cluster size up to 32 MB */
+- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+- {
+- exfat_close(ef->dev);
+- free(ef->sb);
+- exfat_error("too big cluster size: 2^%d",
+- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
+- return -EIO;
+- }
+-
+ ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
+ if (ef->zero_cluster == NULL)
+ {
projects / sven / exfat-utils.git / blobdiff