From: Thomas Weißschuh <thomas@t-8ch.de>
Date: Thu, 10 Nov 2022 17:35:00 +0000 (+0100)
Subject: [PATCH 25/26] libblkid: ntfs: avoid UB in signed shift
X-Git-Tag: archive/raspbian/2.40.2-8+rpi1~1^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2~7
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/%22bookmarks:/?a=commitdiff_plain;h=1270032bcb7de3a8daa0dd24eadc461e328d7ab3;p=util-linux.git

[PATCH 25/26] libblkid: ntfs: avoid UB in signed shift

Fix OSS-Fuzz issue 53142 ( #1886 )
Fix OSS-Fuzz issue 53160 ( #1888 )

Gbp-Pq: Topic upstream
Gbp-Pq: Name 0025-libblkid-ntfs-avoid-UB-in-signed-shift.patch
---

diff --git a/libblkid/src/superblocks/ntfs.c b/libblkid/src/superblocks/ntfs.c
index dced699..217e7e8 100644
--- a/libblkid/src/superblocks/ntfs.c
+++ b/libblkid/src/superblocks/ntfs.c
@@ -135,11 +135,15 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_
 		}
 	}
 
-	if (ns->clusters_per_mft_record > 0)
+	if (ns->clusters_per_mft_record > 0) {
 		mft_record_size = ns->clusters_per_mft_record *
 				  sectors_per_cluster * sector_size;
-	else
-		mft_record_size = 1 << (0 - ns->clusters_per_mft_record);
+	} else {
+		int8_t mft_record_size_shift = 0 - ns->clusters_per_mft_record;
+		if (mft_record_size_shift < 0 || mft_record_size_shift >= 31)
+			return 1;
+		mft_record_size = 1 << mft_record_size_shift;
+	}
 
 	nr_clusters = le64_to_cpu(ns->number_of_sectors) / sectors_per_cluster;