wcampbell0x2a
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎backhand/src/reader.rs‎
Lines changed: 2 additions & 1 deletion b/‎backhand/src/reader.rs‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎backhand/src/squashfs.rs‎
Lines changed: 6 additions & 0 deletions b/‎backhand/src/squashfs.rs‎
Lines changed: 6 additions & 0 deletions
@@ -19,6 +19,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add `x86_64-pc-windows-gnu` support ([@Wolfyxon](https://github.com/Wolfyxon)) ([#634](https://github.com/wcampbell0x2a/backhand/pull/634))
 - Add [zlib-rs](https://github.com/trifectatechfoundation/zlib-rs) support through `--feature gzip-zlib-rs`.
 
+#### Security
+- Prevent self referential dirs, which could cause a stack overflow ([#624](https://github.com/wcampbell0x2a/backhand/pull/495))
+- Avoid high allocations for high inode count ([#624](https://github.com/wcampbell0x2a/backhand/pull/495))
+
 ### `backhand-cli`
 - Add `--no-compression-options` to `add` and `replace` to remove compression options from image after modification.
 - Add `--pad-len` to `replace` and `add` to control the length of end-of-image padding ([#604](https://github.com/wcampbell0x2a/backhand/pull/604))
 
@@ -95,7 +95,8 @@ pub trait SquashFsReader: BufReadSeek + Sized {
         )?;
 
         let mut inodes = IntMap::default();
-        inodes.try_reserve(superblock.inode_count as usize)?;
+        // Be nice the allocator, and only allocate a max of u16::MAX count of Indoes
+        inodes.try_reserve(superblock.inode_count.min(u16::MAX as u32) as usize)?;
 
         let byte_len = bytes.len();
         let mut cursor = Cursor::new(bytes);
 
@@ -533,6 +533,12 @@ impl<'b> Squashfs<'b> {
                         // BasicDirectory, ExtendedDirectory
                         InodeId::BasicDirectory | InodeId::ExtendedDirectory => {
                             // its a dir, extract all children inodes
+                            if *found_inode == dir_inode {
+                                error!("self referential dir to already read inode");
+                                return Err(BackhandError::UnexpectedInode(
+                                    dir_inode.inner.clone(),
+                                ));
+                            }
                             self.extract_dir(fullpath, root, found_inode, &self.id)?;
                             InnerNode::Dir(SquashfsDir::default())
                         }