Squashfs: Valid filesystems are flagged as bad by the corrupted fs patch (363911d0) · Commits · 戴 / test

The corrupted filesystem patch added a check against zlib trying to output too much data in the presence of data corruption. This check triggered if zlib_inflate asked to be called again (Z_OK) with avail_out == 0 and no more output buffers available. This check proves to be rather dumb, as it incorrectly catches the case where zlib has generated all the output, but there are still input bytes to be processed. This patch does a number of things. It removes the original check and replaces it with code to not move to the next output buffer if there are no more output buffers available, relying on zlib to error if it wants an extra output buffer in the case of data corruption. It also replaces the Z_NO_FLUSH flag with the more correct Z_SYNC_FLUSH flag, and makes the error messages more understandable to non-technical users. Signed-off-by:

Phillip Lougher <phillip@lougher.demon.co.uk> Reported-by:

Stefan Lippers-Hollmann <s.L-H@gmx.de>

fs/squashfs/block.c

+4 −17

Original line number	Diff line number	Diff line
		@@ -184,15 +184,7 @@ int squashfs_read_data(struct super_block sb, void *buffer, u64 index,
		offset = 0;
		}

		if (msblk->stream.avail_out == 0) {
		if (page == pages) {
		ERROR("zlib_inflate tried to "
		"decompress too much data, "
		"expected %d bytes. Zlib "
		"data probably corrupt\n",
		srclength);
		goto release_mutex;
		}
		if (msblk->stream.avail_out == 0 && page < pages) {
		msblk->stream.next_out = buffer[page++];
		msblk->stream.avail_out = PAGE_CACHE_SIZE;
		}
		@@ -209,25 +201,20 @@ int squashfs_read_data(struct super_block sb, void *buffer, u64 index,
		zlib_init = 1;
		}

		zlib_err = zlib_inflate(&msblk->stream, Z_NO_FLUSH);
		zlib_err = zlib_inflate(&msblk->stream, Z_SYNC_FLUSH);

		if (msblk->stream.avail_in == 0 && k < b)
		put_bh(bh[k++]);
		} while (zlib_err == Z_OK);

		if (zlib_err != Z_STREAM_END) {
		ERROR("zlib_inflate returned unexpected result"
		" 0x%x, srclength %d, avail_in %d,"
		" avail_out %d\n", zlib_err, srclength,
		msblk->stream.avail_in,
		msblk->stream.avail_out);
		ERROR("zlib_inflate error, data probably corrupt\n");
		goto release_mutex;
		}

		zlib_err = zlib_inflateEnd(&msblk->stream);
		if (zlib_err != Z_OK) {
		ERROR("zlib_inflateEnd returned unexpected result 0x%x,"
		" srclength %d\n", zlib_err, srclength);
		ERROR("zlib_inflate error, data probably corrupt\n");
		goto release_mutex;
		}
		length = msblk->stream.total_out;

Admin message