Check sector and cluster size before use.

Otherwise malformed FS can cause heap corruption.

diff --git a/libexfat/mount.c b/libexfat/mount.c
index 7ccdd4e..f25d71d 100644 (file)
--- a/libexfat/mount.c
+++ b/libexfat/mount.c
@@ -206,6 +206,23 @@ int exfat_mount(struct exfat* ef, const char* spec, const char* options)
                exfat_error("exFAT file system is not found");
                return -EIO;
        }
+       /* sector cannot be smaller than 512 bytes */
+       if (ef->sb->sector_bits < 9)
+       {
+               exfat_close(ef->dev);
+               exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
+               free(ef->sb);
+               return -EIO;
+       }
+       /* officially exFAT supports cluster size up to 32 MB */
+       if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+       {
+               exfat_close(ef->dev);
+               exfat_error("too big cluster size: 2^(%hhd+%hhd)",
+                               ef->sb->sector_bits, ef->sb->spc_bits);
+               free(ef->sb);
+               return -EIO;
+       }
        ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
        if (ef->zero_cluster == NULL)
        {
@@ -240,16 +257,6 @@ int exfat_mount(struct exfat* ef, const char* spec, const char* options)
                free(ef->sb);
                return -EIO;
        }
-       /* officially exFAT supports cluster size up to 32 MB */
-       if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
-       {
-               free(ef->zero_cluster);
-               exfat_close(ef->dev);
-               exfat_error("too big cluster size: 2^%d",
-                               (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
-               free(ef->sb);
-               return -EIO;
-       }
        if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
                        exfat_get_size(ef->dev))
        {