Reference: https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/1428461 In checksize(), the physicalSize is represented in size_t, which is 32-bit on 32-bit platforms. When the file size is within (4GiB-cluster size..4GiB) range, the count of cluster * cluster size would be exactly 4 GiB, which will wrap to 0 and cause the file to be errornously truncated.
(In reply to Xin LI from comment #0) I agree with your comments in the Android review
A commit references this bug: Author: delphij Date: Wed Sep 23 06:52:23 UTC 2020 New revision: 366064 URL: https://svnweb.freebsd.org/changeset/base/366064 Log: sbin/fsck_msdosfs: Fix an integer overflow on 32-bit platforms. The purpose of checksize() is to verify that the referenced cluster chain size matches the recorded file size (up to 2^32 - 1) in the directory entry. We follow the cluster chain, then multiple the cluster count by bytes per cluster to get the physical size, then check it against the recorded size. When a file is close to 4 GiB (between 4GiB - cluster size and 4GiB, both non-inclusive), the product of cluster count and bytes per cluster would be exactly 4 GiB. On 32-bit systems, because size_t is 32-bit, this would wrap back to 0, which will cause the file be truncated to 0. Fix this by using 64-bit physicalSize instead. This fix is inspired by an Android change request at https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/1428461 PR: 249533 Reviewed by: kevlo MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D26524 Changes: head/sbin/fsck_msdosfs/dir.c