From 9bab21334cb900357cb07fe6ce527a45a7f76457 Mon Sep 17 00:00:00 2001
From: Sven Hoexter
Date: Thu, 29 Oct 2015 09:32:41 +0100
Subject: [PATCH] Add d/patches/detect-infinite-loop. Fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project.
---
debian/changelog | 3 ++
debian/patches/detect-infinite-loop | 52 +++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 56 insertions(+)
create mode 100644 debian/patches/detect-infinite-loop
diff --git a/debian/changelog b/debian/changelog
index 300f2e9..624cae1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,9 @@ exfat-utils (1.1.0-3) UNRELEASED; urgency=medium
 * Add d/patches/check-sector-and-cluster-size. Fix for
 https://github.com/relan/exfat/issues/5 found and reported by
 The Fuzzing Project.
+ * Add d/patches/detect-infinite-loop. Fix for
+ https://github.com/relan/exfat/issues/6 found and reported by
+ The Fuzzing Project.
 -- Sven Hoexter Thu, 29 Oct 2015 09:03:18 +0100
diff --git a/debian/patches/detect-infinite-loop b/debian/patches/detect-infinite-loop
new file mode 100644
index 0000000..a50f38c
--- /dev/null
+++ b/debian/patches/detect-infinite-loop
@@ -0,0 +1,52 @@
+Patch for https://github.com/relan/exfat/issues/6
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -30,23 +30,32 @@
+
+ static uint64_t rootdir_size(const struct exfat* ef)
+ {
+- uint64_t clusters = 0;
++ uint32_t clusters = 0;
++ uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
+ cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
+
+- while (!CLUSTER_INVALID(rootdir_cluster))
++ /* Iterate all clusters of the root directory to calculate its size.
++ It can't be contiguous because there is no flag to indicate this. */
++ do
+ {
+- clusters++;
+- /* root directory cannot be contiguous because there is no flag
+- to indicate this */
++ if (clusters == clusters_max) /* infinite loop detected */
++ {
++ exfat_error("root directory cannot occupy all %d clusters",
++ clusters);
++ return 0;
++ }
++ if (CLUSTER_INVALID(rootdir_cluster))
++ {
++ exfat_error("bad cluster %#x while reading root directory",
++ rootdir_cluster);
++ return 0;
++ }
+ rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
++ clusters++;
+ }
+- if (rootdir_cluster != EXFAT_CLUSTER_END)
+- {
+- exfat_error("bad cluster %#x while reading root directory",
+- rootdir_cluster);
+- return 0;
+- }
+- return clusters * CLUSTER_SIZE(*ef->sb);
++ while (rootdir_cluster != EXFAT_CLUSTER_END);
++
++ return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
+ }
+
+ static const char* get_option(const char* options, const char* option_name)
diff --git a/debian/patches/series b/debian/patches/series
index 64264cf..d86ff4a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 check-sector-and-cluster-size
+detect-infinite-loop
--
2.39.2
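Review bot: The new error call `exfat_error("root directory cannot occupy all %d clusters", clusters);` formats the `uint32_t` counter with the signed `%d` conversion; assuming `exfat_error` is printf-style (the `%#x` in the neighbouring call suggests it is), this is a format/argument type mismatch that `-Wformat` reports and that in practice prints a negative count once a crafted superblock advertises a `cluster_count` of 2^31 or more, so it should read `exfat_error("root directory cannot occupy all %u clusters", clusters);` (or `PRIu32` if mount.c already includes <inttypes.h>). Separately, the cycle guard only trips after `cluster_count` calls to `exfat_next_cluster`, so on an image whose superblock claims a huge `cluster_count` the walk becomes very long rather than infinite; unless the companion check-sector-and-cluster-size patch already bounds `cluster_count` against the device size, that limit deserves a word in the comment, e.g. `/* infinite loop detected: a valid chain cannot exceed the volume's cluster count */`. Because the `clusters == clusters_max` test runs before the `CLUSTER_INVALID` test, a superblock with `cluster_count == 0` reports "cannot occupy all 0 clusters" even when `rootdir_cluster` itself is the bad value, which is harmless but slightly misleading. The whole of rootdir_size is visible within the hunk.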