fs: prevent integer overflow in ext4fs_get_bgdtable

An integer overflow in gdsize_total calculation could lead to under-allocation and heap buffer overflow. Signed-off-by: Timo tp Preißl <[email protected]> Reviewed-by: Simon Glass <[email protected]> Reviewed-by: Tom Rini <[email protected]>
author: Timo tp Preißl <[email protected]> 2026-01-09 11:25:07 +0000
committer: Tom Rini <[email protected]> 2026-01-16 13:04:40 -0600
commit: fc16c847a1c9c6e0ee1f605849cc500a04c21602 (patch)
tree: cc7968300e10c14ee76973b5137af19e45eb498c /fs
parent: 870aff99a279ed428c5a2560b2441b3079ddb34b (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/fs/ext4/ext4_write.c b/fs/ext4/ext4_write.c
index 5b290f0d80d..1483e9955c0 100644
--- a/fs/ext4/ext4_write.c
+++ b/fs/ext4/ext4_write.c
@@ -108,7 +108,13 @@ int ext4fs_get_bgdtable(void)
 {
 	int status;
 	struct ext_filesystem *fs = get_fs();
-	int gdsize_total = ROUND(fs->no_blkgrp * fs->gdsize, fs->blksz);
+	size_t alloc;
+	size_t gdsize_total;
+
+	if (__builtin_mul_overflow(fs->no_blkgrp, fs->gdsize, &alloc))
+		return -1;
+
+	gdsize_total = ROUND(alloc, fs->blksz);
 	fs->no_blk_pergdt = gdsize_total / fs->blksz;
 
 	/* allocate memory for gdtable */
author	Timo tp Preißl <[email protected]>	2026-01-09 11:25:07 +0000
committer	Tom Rini <[email protected]>	2026-01-16 13:04:40 -0600
commit	fc16c847a1c9c6e0ee1f605849cc500a04c21602 (patch)
tree	cc7968300e10c14ee76973b5137af19e45eb498c /fs
parent	870aff99a279ed428c5a2560b2441b3079ddb34b (diff)