From 162265b47efb02ae7ed6d74f47c6fa95140129ae Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Sun, 3 May 2026 17:30:25 +0900
Subject: [PATCH] container: reject strings larger than a page

The vfs stores these values in a page obtained via GFP, and silently stops copying once the page is filled. This check prevents confusing behaviour in such cases.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 container/errors.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/container/errors.go b/container/errors.go
index a1069b65..5a67bb4c 100644
--- a/container/errors.go
+++ b/container/errors.go
@@ -118,6 +118,10 @@ func errnoFallback(op, path string, err error) (syscall.Errno, *os.PathError) {
 
 // mount wraps syscall.Mount for error handling.
 func mount(source, target, fstype string, flags uintptr, data string) error {
+	if max(len(source), len(target), len(data))+1 > os.Getpagesize() {
+		return &MountError{source, target, fstype, flags, data, syscall.ENOMEM}
+	}
+
 	err := syscall.Mount(source, target, fstype, flags, data)
 	if err == nil {
 		return nil