Re: [PATCH] erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()

[Gao Xiang]

On 2026/4/9 18:38, Junrui Luo wrote:
> Hi Gao Xiang,
>
> Thank you for the review.
>   
> On Thu, Apr 09, 2026 at 03:28:21PM +0800, Gao Xiang wrote:
>
> > For this kind of stuff, do you have a reproducer?
>
> I constructed a crafted EROFS image declaring plen=8192 and i_size=4096, giving
> inpages=2 and outpages=1. Tested under QEMU with kernel (v7.0-rc6) plus a temporary
> pr_warn trace in z_erofs_lz4_handle_overlap():
>
> [   12.889652] erofs: BOUNDARY CHECK: outpages=1 < inpages=2
>
> The image mounts and the decompressor is reached with
> partial_decoding=false and outpages < inpages.
>
> > I'm not sure what you're saying, but I don't think
> > you really understand the entire logic.
> >
> > `m_la + m_llen` should not be page-aligned for typical
> > erofs images, you can just mkfs.erofs -zlz4hc with some
> > file and check it yourself.
> >
> > BTW, I just check upstream, and the inplace branch
> > works prefectly.
>
> During testing I observed that the inplace branch was not entered with
> my crafted image and incorrectly concluded it was structurally unreachable.
> I apologize for the incorrect analysis.
Can you share your initial crafted image binary
with `gzip -9 | base64` encoding here?

I think the proper place to fix this is in
z_erofs_map_sanity_check().

But we only accept patches with proper reproducible
ways (e.g. base64-encoded zipped images or syzbot
link).

Thanks,
Gao Xiang