Re: [PATCH] adfs: reject disc records smaller than one filesystem block

From: Kees Cook

Date: Wed Jun 10 2026 - 16:25:52 EST


On Fri, Jun 05, 2026 at 06:37:34PM +0000, Samuel Moelius wrote:
> ADFS uses the on-disk disc size to report statfs block counts. The disc
> record validator checks the sector size, id length, high disc-size bits,
> map zone count, and reserved bytes, but it accepts a declared disc size
> smaller than one filesystem block.
>
> A crafted one-zone image with log2secsize 9 and disc_size 1 can pass map
> checksum validation and mount. A subsequent statfs then reports zero
> f_blocks from adfs_map_statfs(), and adfs_statfs() divides by that zero
> while deriving f_ffree.
>
> Reject disc records whose declared disc size is smaller than one
> filesystem block.

Can you create a tools/testing/selftests/ script that will generate a
good and bad image and attempt to mount both, validating the filesystem
checking logic you're adding here?

-Kees

>
> Assisted-by: Codex:gpt-5.5-cyber-preview
> Signed-off-by: Samuel Moelius <sam.moelius@xxxxxxxxxxxxxxx>
> ---
> fs/adfs/super.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/adfs/super.c b/fs/adfs/super.c
> index a4cd0a5159dd..cb8f3919e3bb 100644
> --- a/fs/adfs/super.c
> +++ b/fs/adfs/super.c
> @@ -73,6 +73,10 @@ static int adfs_checkdiscrecord(struct adfs_discrecord *dr)
> if (le32_to_cpu(dr->disc_size_high) >> dr->log2secsize)
> return 1;
>
> + /* disc size must contain at least one filesystem block */
> + if (adfs_disc_size(dr) < (1ULL << dr->log2secsize))
> + return 1;
> +
> /*
> * Maximum idlen is limited to 16 bits for new directories by
> * the three-byte storage of an indirect disc address. For
> --
> 2.43.0
>

--
Kees Cook