Corrupted squashfs images can have negative inode sizes. Add sanity
check to prevent negative inode size.
Reported-by: syzbot+f754e01116421e9754b9@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f754e01116421e9754b9
Signed-off-by: Sang-Heon Jeon <ekffu200098@gmail.com>
Tested-by: syzbot+f754e01116421e9754b9@syzkaller.appspotmail.com
Cc: Amir Goldstein <amir73il@gmail.com>
---
Special thanks to Amir for his kind analysis [1]. I couldn't find a proper
tag for credit, so I am just cc-ing. But feel free to add proper credit.
Also, I referred to the method of erofs, but I might be wrong; please let me
know about that. Thanks for your consideration.
[1] https://lore.kernel.org/all/CAOQ4uxgkpi4v3NTSTq5GGJEceHHi97iY4rtsAJuo5c-yxu-Bzg@mail.gmail.com/
---
fs/squashfs/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/squashfs/inode.c b/fs/squashfs/inode.c
index ddc65d006063..148cd75f5bd7 100644
--- a/fs/squashfs/inode.c
+++ b/fs/squashfs/inode.c
@@ -426,6 +426,12 @@ int squashfs_read_inode(struct inode *inode, long long ino)
return -EINVAL;
}
+ if (unlikely(inode->i_size < 0)) {
+ ERROR("Negative i_size %lld inode 0x%llx\n",
+ inode->i_size, ino);
+ return -EINVAL;
+ }
+
if (xattr_id != SQUASHFS_INVALID_XATTR && msblk->xattr_id_table) {
err = squashfs_xattr_lookup(sb, xattr_id,
&squashfs_i(inode)->xattr_count,
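Review bot: The new `inode->i_size < 0` test sits after the inode-type handling and just before the xattr lookup, so it applies to every inode type, but the commit message does not say which on-disk size field of a corrupted image ends up negative or what fails later if it is accepted. Please describe the symptom syzbot reported and the inode type involved, and consider rejecting the value at the point where that type's size is read, so the error is raised before the rest of the inode is populated. A Fixes: tag would also help backporting. Minor: `ino` is declared `long long` in the function signature but is printed with `0x%llx`, which expects an unsigned argument; a cast to `unsigned long long` keeps the format and argument types in agreement.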
--
2.43.0