squashfs: Fix integer overflow in sqfs_resolve_symlink()

A carefully crafted squashfs filesystem can exhibit an inode size of 0xffffffff,
as a consequence malloc() will do a zero allocation.
Later in the function the inode size is again used for copying data.
So an attacker can overwrite memory.
Avoid the overflow by using the __builtin_add_overflow() helper.

Signed-off-by: Richard Weinberger <[email protected]>
Reviewed-by: Miquel Raynal <[email protected]>

0 files changed, 0 insertions, 0 deletions