1 files changed, 97 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch b/poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch
new file mode 100644
index 0000000000..4d190363b9
--- /dev/null
+++ b/poky/meta/recipes-devtools/erofs-utils/erofs-utils/CVE-2023-33552-2.patch
@@ -0,0 +1,97 @@
+From 3a360e01058467573bd7239fa430d8dc5fbd60f4 Mon Sep 17 00:00:00 2001
+From: Yue Hu <huyue2@coolpad.com>
+Date: Wed, 11 Jan 2023 09:49:27 +0800
+Subject: [PATCH 3/4] erofs-utils: fsck: cleanup erofs_verify_inode_data()
+
+Diretly call {z_}erofs_read_one_data() to avoid duplicated code.
+Accordingly, fragment and partial-referenced plusters are also supported
+after this change.
+
+Signed-off-by: Yue Hu <huyue2@coolpad.com>
+Link: https://lore.kernel.org/r/115e61fc9c2d34cab6d3dd78383ac57c94a491fc.1673401718.git.huyue2@coolpad.com
+Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
+
+CVE: CVE-2023-33552
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?id=87430c69e1d542928c4519e8fabfd6348a741999]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ fsck/main.c | 53 ++++++++++-------------------------------------------
+ 1 file changed, 10 insertions(+), 43 deletions(-)
+
+diff --git a/fsck/main.c b/fsck/main.c
+index 2b6a6dd..92ef17a 100644
+--- a/fsck/main.c
++++ b/fsck/main.c
+@@ -366,7 +366,6 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd)
+ 	struct erofs_map_blocks map = {
+ 		.index = UINT_MAX,
+ 	};
+-	struct erofs_map_dev mdev;
+ 	int ret = 0;
+ 	bool compressed;
+ 	erofs_off_t pos = 0;
+@@ -427,51 +426,19 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd)
+ 			BUG_ON(!raw);
+ 		}
+ 
+-		mdev = (struct erofs_map_dev) {
+-			.m_deviceid = map.m_deviceid,
+-			.m_pa = map.m_pa,
+-		};
+-		ret = erofs_map_dev(&sbi, &mdev);
+-		if (ret) {
+-			erofs_err("failed to map device of m_pa %" PRIu64 ", m_deviceid %u @ nid %llu: %d",
+-				  map.m_pa, map.m_deviceid, inode->nid | 0ULL,
+-				  ret);
+-			goto out;
+-		}
+-
+-		if (compressed && map.m_llen > buffer_size) {
+-			buffer_size = map.m_llen;
+-			buffer = realloc(buffer, buffer_size);
+-			BUG_ON(!buffer);
+-		}
+-
+-		ret = dev_read(mdev.m_deviceid, raw, mdev.m_pa, map.m_plen);
+-		if (ret < 0) {
+-			erofs_err("failed to read data of m_pa %" PRIu64 ", m_plen %" PRIu64 " @ nid %llu: %d",
+-				  mdev.m_pa, map.m_plen, inode->nid | 0ULL,
+-				  ret);
+-			goto out;
+-		}
+-
+ 		if (compressed) {
+-			struct z_erofs_decompress_req rq = {
+-				.in = raw,
+-				.out = buffer,
+-				.decodedskip = 0,
+-				.inputsize = map.m_plen,
+-				.decodedlength = map.m_llen,
+-				.alg = map.m_algorithmformat,
+-				.partial_decoding = 0
+-			};
+-
+-			ret = z_erofs_decompress(&rq);
+-			if (ret < 0) {
+-				erofs_err("failed to decompress data of m_pa %" PRIu64 ", m_plen %" PRIu64 " @ nid %llu: %s",
+-					  mdev.m_pa, map.m_plen,
+-					  inode->nid | 0ULL, strerror(-ret));
+-				goto out;
++			if (map.m_llen > buffer_size) {
++				buffer_size = map.m_llen;
++				buffer = realloc(buffer, buffer_size);
++				BUG_ON(!buffer);
+ 			}
++			ret = z_erofs_read_one_data(inode, &map, raw, buffer,
++						0, map.m_llen, false);
++		} else {
++			ret = erofs_read_one_data(&map, raw, 0, map.m_plen);
+ 		}
++		if (ret)
++			goto out;
+ 
+ 		if (outfd >= 0 && write(outfd, compressed ? buffer : raw,
+ 					map.m_llen) < 0) {
+-- 
+2.25.1
+