Improve overflow handling in get_or_insert_blocks

When calculating num_bytes overflows, return a new
BlockCacheReadTooLarge error instead of silently capping to the block
size.

Author: nicholasbishop

src/block_cache.rs

@@ -8,6 +8,7 @@
 
 use crate::block_index::FsBlockIndex;
 use crate::block_size::BlockSize;
+use crate::error::CorruptKind;
 use crate::error::Ext4Error;
 use crate::util::usize_from_u32;
 use alloc::boxed::Box;
@@ -182,13 +183,14 @@ impl BlockCache {
             return Ok(&*self.entries[0].data);
         }
 
-        let block_size = self.block_size.to_usize();
-
         // Get the number of blocks/bytes to read.
         let num_blocks = self.num_blocks_to_read(block_index);
         let num_bytes = usize_from_u32(num_blocks)
-            .checked_mul(block_size)
-            .unwrap_or(block_size);
+            .checked_mul(self.block_size.to_usize())
+            .ok_or(CorruptKind::BlockCacheReadTooLarge {
+                num_blocks,
+                block_size: self.block_size,
+            })?;
 
         // Read blocks into the read buffer.
         f(&mut self.read_buf[..num_bytes])?;

src/error.rs

@@ -345,6 +345,12 @@ pub(crate) enum CorruptKind {
         /// Length in bytes of the read.
         read_len: usize,
     },
+
+    /// Attempting to read too much data in the block cache.
+    BlockCacheReadTooLarge {
+        num_blocks: u32,
+        block_size: BlockSize,
+    },
 }
 
 impl Display for CorruptKind {
@@ -494,6 +500,13 @@ impl Display for CorruptKind {
                     "invalid read of length {read_len} from block {block_index} (originally {original_block_index}) at offset {offset_within_block}"
                 )
             }
+            Self::BlockCacheReadTooLarge {
+                num_blocks,
+                block_size,
+            } => write!(
+                f,
+                "attempted to read {num_blocks} blocks with block_size {block_size}"
+            ),
         }
     }
 }