Re: [f2fs-dev] [PATCH] f2fs-tools: fix heap-buffer-overflow of reading SSA from checkpoint area

[Chao Yu]

On 2026/3/4 01:00, Daeho Jeong wrote:
> From: Daeho Jeong <daehojeong@xxxxxxxxxx>
>
> Reproduction:
> truncate -s 512M overflow.img
> ./out/host/linux-x86/bin/make_f2fs -g android -b 16384 -w 16384 -O packed_ssa overflow.img
> mkdir -p empty_dir
> export ASAN_OPTIONS=detect_leaks=0:abort_on_error=1
> ./out/host/linux-x86/bin/sload_f2fs -f empty_dir -t /data overflow.img
>
> Result:
> ==306082==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7df5201e2500 at pc 0x5567ea010583 bp 0x7ffc3386c210 sp 0x7ffc3386b9d8
> READ of size 16384 at 0x7df5201e2500 thread T0
>
> Even though we can reduce the summary block to 4KB, we need to maintain
> backward compatibility for the checkpoint area. Therefore, the summary
> block there must match the block size, so it is correct to use F2FS_BLKSIZE.
>
> Fixes: ad1357c34023 ("f2fs-tools: revert summary entry count from 2048 to 512 in 16kb block support")
> Reported-by: Maxim Pleshivenkov <mpleshivenkov@xxxxxxxxxx>
> Signed-off-by: Daeho Jeong <daehojeong@xxxxxxxxxx>

Reviewed-by: Chao Yu <chao@xxxxxxxxxx>

Thanks,