NILFS utilities - Undefined Behavior and Out-of-Memory via Unvalidated s_log_block_size
Description
In NILFS utilities through 2.3.0 (fixed in commit 26efb5d), the nilfs_sb_is_valid() function fails to validate the s_log_block_size field of the NILFS2 superblock before it is used in bit-shift operations. An attacker supplying a crafted NILFS2 image can trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools such as nilfs-tune and dumpseg.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <=2.3.0
Patches
Vulnerability mechanics
Root cause
"Missing validation of `s_log_block_size` in `nilfs_sb_is_valid()` allows oversized shift counts and excessive allocations."
Attack vector
An attacker supplies a crafted NILFS2 filesystem image (e.g. on a USB drive) whose superblock contains an oversized `s_log_block_size` field. When a victim mounts the image or runs a read-path tool such as `nilfs-tune` or `dumpseg`, the invalid value is used as a shift count in bit-shift operations (`1 << (s_log_block_size + 10)`), causing undefined behavior per C11 6.5.7p4, or it drives an excessive allocation (`malloc(segsize)` with a 16 PB request) that ends in an out-of-memory condition [ref_id=1]. The precondition is that the attacker must convince the victim to process the malicious image (local user interaction, no authentication required).
What the fix does
The patch adds a single guard in `nilfs_sb_is_valid()` inside `lib/sb.c` that rejects any superblock where `s_log_block_size > 6` [patch_id=6590933]. The valid range 0–6 corresponds to block sizes 1024–65536 bytes, matching the constants `NILFS_MIN_BLOCK_SIZE` and `NILFS_MAX_BLOCK_SIZE` that were already defined in `nilfs2_ondisk.h` but previously only enforced in `mkfs.c`. By returning 0 (invalid) early, the function prevents downstream code from ever seeing the malicious shift count, eliminating both the undefined-behavior shift and the out-of-memory allocation.
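The following is an added illustration of the guard described above and of the allocation-size problem from the attack-vector section; it is example code written for this page, not code from nilfs-utils or from the fix commit. The struct, the `checked_*` function names and the `SEGMENT_BYTES_CAP` limit are assumptions for the example; only the 0–6 range, the `1 << (value + 10)` formula and the `NILFS_MIN_BLOCK_SIZE`/`NILFS_MAX_BLOCK_SIZE` names come from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Block-size bounds. The page names these nilfs2_ondisk.h constants and
 * states the valid range 1024..65536 bytes; the numbers are taken from
 * that statement. */
#define NILFS_MIN_BLOCK_SIZE 1024u
#define NILFS_MAX_BLOCK_SIZE 65536u

/* Largest legal s_log_block_size: 1 << (6 + 10) == 65536. */
#define MAX_LOG_BLOCK_SIZE 6u

/* Cap on a single segment buffer. Constructed sanity limit for this
 * example, not a value from nilfs-utils. */
#define SEGMENT_BYTES_CAP (256u * 1024u * 1024u)

/* Minimal stand-in for the two superblock fields this example needs.
 * Hypothetical struct, not the real on-disk layout. */
struct sb_stub {
    uint32_t s_log_block_size;     /* block size = 1 << (value + 10) */
    uint32_t s_blocks_per_segment; /* used to size a segment buffer  */
};

/* The range check the fix adds: reject the superblock before any shift. */
bool log_block_size_is_valid(uint32_t log_block_size)
{
    return log_block_size <= MAX_LOG_BLOCK_SIZE;
}

/* Block size in bytes, or 0 when the field is out of range. The shift
 * runs only after the check, so the count is always 10..16 and never
 * reaches the C11 6.5.7p4 undefined behavior. */
uint32_t checked_block_size(const struct sb_stub *sb)
{
    if (!log_block_size_is_valid(sb->s_log_block_size))
        return 0;
    uint32_t bs = 1u << (sb->s_log_block_size + 10);
    /* Redundant with the range check, kept to document the invariant. */
    if (bs < NILFS_MIN_BLOCK_SIZE || bs > NILFS_MAX_BLOCK_SIZE)
        return 0;
    return bs;
}

/* Segment size in bytes computed in 64 bits (no overflow: both factors
 * are below 2^32) and capped, so a hostile header cannot drive a huge
 * malloc() the way the page describes. Returns false on rejection. */
bool checked_segment_bytes(const struct sb_stub *sb, uint64_t *out)
{
    uint32_t bs = checked_block_size(sb);
    if (bs == 0 || sb->s_blocks_per_segment == 0)
        return false;
    uint64_t bytes = (uint64_t)sb->s_blocks_per_segment * bs;
    if (bytes > SEGMENT_BYTES_CAP)
        return false;
    *out = bytes;
    return true;
}

int main(void)
{
    /* Constructed sample superblocks: one sane, two hostile. */
    struct sb_stub good        = { .s_log_block_size = 2, .s_blocks_per_segment = 2048 };
    struct sb_stub bad_shift   = { .s_log_block_size = 0xffffffffu, .s_blocks_per_segment = 2048 };
    struct sb_stub huge_alloc  = { .s_log_block_size = 6, .s_blocks_per_segment = 0xffffffffu };
    const struct sb_stub *samples[] = { &good, &bad_shift, &huge_alloc };
    const char *labels[] = { "good", "oversized shift", "huge allocation" };

    for (int i = 0; i < 3; i++) {
        uint64_t seg = 0;
        uint32_t bs = checked_block_size(samples[i]);
        bool ok = checked_segment_bytes(samples[i], &seg);
        printf("%-16s block=%u segment=%llu %s\n", labels[i], bs,
               (unsigned long long)seg, ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The point of the two-step shape is that `checked_block_size()` is the only place the shift happens, so every caller that sizes a buffer or walks segments inherits the guard; the separate cap on the segment byte count is a defense-in-depth choice that the fix itself does not add.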
Preconditions
- input: Victim must process a crafted NILFS2 image (e.g. mount a malicious USB drive or run nilfs-tune/dumpseg on it).
- auth: No authentication required; local user interaction (UI:R) is sufficient.
Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions: 2
Linked articles: 0 (no linked articles in our index yet).