Squashfs: Fix oops when reading fsfuzzer corrupted filesystems

This fixes a code regression caused by the recent mainlining changes.
The recent code changes call zlib_inflate repeatedly, decompressing into
separate 4K buffers, this code didn't check for the possibility that
zlib_inflate might ask for too many buffers when decompressing corrupted
data.

Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>

1 files changed, 2 insertions, 2 deletions

diff --git a/fs/squashfs/cache.c b/fs/squashfs/cache.c
index f29eda16d25e..1c4739e33af6 100644
--- a/fs/squashfs/cache.c
+++ b/fs/squashfs/cache.c
@@ -119,7 +119,7 @@ struct squashfs_cache_entry *squashfs_cache_get(struct super_block *sb,
 
                         entry->length = squashfs_read_data(sb, entry->data,
                                 block, length, &entry->next_index,
-                                cache->block_size);
+                                cache->block_size, cache->pages);
 
                         spin_lock(&cache->lock);
 
@@ -406,7 +406,7 @@ int squashfs_read_table(struct super_block *sb, void *buffer, u64 block,
         for (i = 0; i < pages; i++, buffer += PAGE_CACHE_SIZE)
                 data[i] = buffer;
         res = squashfs_read_data(sb, data, block, length |
-                SQUASHFS_COMPRESSED_BIT_BLOCK, NULL, length);
+                SQUASHFS_COMPRESSED_BIT_BLOCK, NULL, length, pages);
         kfree(data);
         return res;
 }