lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <E1NrxLo-0004P2-Dj@closure.thunk.org>
Date:	Wed, 17 Mar 2010 13:48:12 -0400
From:	"Theodore Ts'o" <tytso@....edu>
To:	linux-ext4@...r.kernel.org
Subject: [PATCH] e2fsck: Fix segmentation fault when checking a file system


Murphy's Law says that this report would come in *just* after I release
1.41.11.  :-)

						- Ted

>From 19f433a5214e720a95bdbf78bdcdca353c25b770 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@....edu>
Date: Wed, 17 Mar 2010 13:32:52 -0400
Subject: [PATCH] e2fsck: Fix segmentation fault when checking a file system

If a corrupted file system causes us to want to delete an extent, and
that causes us to want to release a block in e2fsck pass #1, it would
be preferable if e2fsck didn't seg fault.  This tends to get users
craky, as users are wont to do.  :-)

Thanks to Dirk Reiners for reporting this bug:

e2fsck crashes fixing a corrupted 3.5 TB filesystem:

0x0000000000432002 in ext2fs_unmark_generic_bitmap (bitmap=0x0, bitno=623386749)
at gen_bitmap.c:183
183             if ((bitno < bitmap->start) || (bitno > bitmap->end)) {
(gdb) bt
bitno=623386749) at gen_bitmap.c:183
block=623386749) at ../../lib/ext2fs/bitops.h:319
inuse=-1) at alloc_stats.c:78
extent.c:1509
pb=0x7fffffffdfe0, start_block=0, ehandle=0x6dcf50) at pass1.c:1709
pb=0x7fffffffdfe0, start_block=0, ehandle=0x6dcf50) at pass1.c:1737
pctx=0x7fffffffe100, pb=0x7fffffffdfe0) at pass1.c:1842
block_buf=0x6c4330 "\373\212#") at pass1.c:1920

The source of the NULL bitmap is fs on stack frame 2:

(gdb) up 2
inuse=-1) at alloc_stats.c:78
78                      ext2fs_unmark_block_bitmap(fs->block_map, blk);

Addresses-SourceForge-Bug: #2971800

Signed-off-by: "Theodore Ts'o" <tytso@....edu>
---
 e2fsck/pass1.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index 130b3f6..3c6f91c 100644
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -1706,6 +1706,7 @@ static void scan_extent_node(e2fsck_t ctx, struct problem_context *pctx,
 			pctx->blk2 = extent.e_lblk;
 			pctx->num = extent.e_len;
 			if (fix_problem(ctx, problem, pctx)) {
+				e2fsck_read_bitmaps(ctx);
 				pctx->errcode =
 					ext2fs_extent_delete(ehandle, 0);
 				if (pctx->errcode) {
-- 
1.6.6.1.1.g974db.dirty

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ