Commit 363911d0 authored by Phillip Lougher's avatar Phillip Lougher

Squashfs: Valid filesystems are flagged as bad by the corrupted fs patch

The corrupted filesystem patch added a check against zlib trying to
output too much data in the presence of data corruption.  This check
triggered if zlib_inflate asked to be called again (Z_OK) with
avail_out == 0 and no more output buffers available.  This check proves
to be rather dumb, as it incorrectly catches the case where zlib has
generated all the output, but there are still input bytes to be processed.

This patch does a number of things.  It removes the original check and
replaces it with code to not move to the next output buffer if there
are no more output buffers available, relying on zlib to error if it
wants an extra output buffer in the case of data corruption.  It
also replaces the Z_NO_FLUSH flag with the more correct Z_SYNC_FLUSH
flag, and makes the error messages more understandable to
non-technical users.
Signed-off-by: default avatarPhillip Lougher <phillip@lougher.demon.co.uk>
Reported-by: default avatarStefan Lippers-Hollmann <s.L-H@gmx.de>
parent ebdcc81c
...@@ -184,15 +184,7 @@ int squashfs_read_data(struct super_block *sb, void **buffer, u64 index, ...@@ -184,15 +184,7 @@ int squashfs_read_data(struct super_block *sb, void **buffer, u64 index,
offset = 0; offset = 0;
} }
if (msblk->stream.avail_out == 0) { if (msblk->stream.avail_out == 0 && page < pages) {
if (page == pages) {
ERROR("zlib_inflate tried to "
"decompress too much data, "
"expected %d bytes. Zlib "
"data probably corrupt\n",
srclength);
goto release_mutex;
}
msblk->stream.next_out = buffer[page++]; msblk->stream.next_out = buffer[page++];
msblk->stream.avail_out = PAGE_CACHE_SIZE; msblk->stream.avail_out = PAGE_CACHE_SIZE;
} }
...@@ -209,25 +201,20 @@ int squashfs_read_data(struct super_block *sb, void **buffer, u64 index, ...@@ -209,25 +201,20 @@ int squashfs_read_data(struct super_block *sb, void **buffer, u64 index,
zlib_init = 1; zlib_init = 1;
} }
zlib_err = zlib_inflate(&msblk->stream, Z_NO_FLUSH); zlib_err = zlib_inflate(&msblk->stream, Z_SYNC_FLUSH);
if (msblk->stream.avail_in == 0 && k < b) if (msblk->stream.avail_in == 0 && k < b)
put_bh(bh[k++]); put_bh(bh[k++]);
} while (zlib_err == Z_OK); } while (zlib_err == Z_OK);
if (zlib_err != Z_STREAM_END) { if (zlib_err != Z_STREAM_END) {
ERROR("zlib_inflate returned unexpected result" ERROR("zlib_inflate error, data probably corrupt\n");
" 0x%x, srclength %d, avail_in %d,"
" avail_out %d\n", zlib_err, srclength,
msblk->stream.avail_in,
msblk->stream.avail_out);
goto release_mutex; goto release_mutex;
} }
zlib_err = zlib_inflateEnd(&msblk->stream); zlib_err = zlib_inflateEnd(&msblk->stream);
if (zlib_err != Z_OK) { if (zlib_err != Z_OK) {
ERROR("zlib_inflateEnd returned unexpected result 0x%x," ERROR("zlib_inflate error, data probably corrupt\n");
" srclength %d\n", zlib_err, srclength);
goto release_mutex; goto release_mutex;
} }
length = msblk->stream.total_out; length = msblk->stream.total_out;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment