| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Oct 2014 12:47:09 +0200
From: Sami Liedes <sami.liedes@....fi>
To: "Darrick J. Wong" <darrick.wong@...cle.com>
Cc: linux-ext4@...r.kernel.org
Subject: Re: Valgrind-detected issues in e2fsck on corrupted filesystems
On Mon, Oct 20, 2014 at 01:57:36PM -0700, Darrick J. Wong wrote:
> Thanks for catching these! I'll have patches out shortly.
Great! With your patches applied I could no longer get any valgrind
errors on ext4 during overnight fuzz testing.
Here's one more I found which only shows on ext[23], with or without
your recent patches. It seems that the error message "Unexpected block
in HTREE directory inode %d (%q)" is printed with uninitialized values
for both the %d and the %q conversions.
Pristine: http://www.niksula.hut.fi/~sliedes/e2fsck/testimg.ext2.bz2
Fuzzed: http://www.niksula.hut.fi/~sliedes/e2fsck/testimg.ext2.78.min.bz2
1-bit diff:
--- /dev/fd/63 2014-10-26 12:33:05.879722761 +0200
+++ /dev/fd/62 2014-10-26 12:33:05.880722761 +0200
@@ -9032,6 +9032,9 @@
0013fc10 0a 05 00 00 0b 05 00 00 2b 05 00 00 00 00 00 00 |........+.......|
0013fc20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
+0013fcb0 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 |................|
+0013fcc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
+*
00140000 34 02 00 00 30 00 26 07 5c 78 32 66 64 65 76 69 |4...0.&.\x2fdevi|
00140010 63 65 73 5c 78 32 66 76 69 72 74 75 61 6c 5c 78 |ces\x2fvirtual\x|
00140020 32 66 74 74 79 5c 78 32 66 74 74 79 35 33 00 00 |2ftty\x2ftty53..|
Output:
------------------------------------------------------------
e2fsck 1.43-WIP (29-Aug-2014)
Pass 1: Checking inodes, blocks, and sizes
Inode 426 has illegal block(s). Clear? yes
Illegal block #58 (262144) in inode 426. CLEARED.
Pass 2: Checking directory structure
Directory inode 426 has an unallocated block #19. Allocate? yes
Unexpected block in HTREE directory inode ==17310== Use of uninitialised value of size 8
==17310== at 0x529C0FB: _itoa_word (_itoa.c:179)
==17310== by 0x529FB02: vfprintf (vfprintf.c:1635)
==17310== by 0x52A1340: buffered_vfprintf (vfprintf.c:2312)
==17310== by 0x529C3DD: vfprintf (vfprintf.c:1290)
==17310== by 0x52A6526: fprintf (fprintf.c:32)
==17310== by 0x4333BB: expand_percent_expression (message.c:451)
==17310== by 0x433817: print_e2fsck_message (message.c:552)
==17310== by 0x4325D1: fix_problem (problem.c:2130)
==17310== by 0x424A8B: check_dir_block (pass2.c:973)
==17310== by 0x44AF96: ext2fs_dblist_iterate2 (dblist.c:211)
==17310== by 0x422E34: e2fsck_pass2 (pass2.c:149)
==17310== by 0x4149DF: e2fsck_run (e2fsck.c:230)
[...]
87815056 (==17310== Conditional jump or move depends on uninitialised value(s)
==17310== at 0x432977: print_pathname (message.c:203)
==17310== by 0x4334FE: expand_percent_expression (message.c:480)
==17310== by 0x433817: print_e2fsck_message (message.c:552)
==17310== by 0x4325D1: fix_problem (problem.c:2130)
==17310== by 0x424A8B: check_dir_block (pass2.c:973)
==17310== by 0x44AF96: ext2fs_dblist_iterate2 (dblist.c:211)
==17310== by 0x422E34: e2fsck_pass2 (pass2.c:149)
==17310== by 0x4149DF: e2fsck_run (e2fsck.c:230)
==17310== by 0x4139E6: main (unix.c:1649)
==17310==
==17310== Conditional jump or move depends on uninitialised value(s)
==17310== at 0x456D29: ext2fs_get_pathname (get_pathname.c:165)
==17310== by 0x4329C2: print_pathname (message.c:209)
==17310== by 0x4334FE: expand_percent_expression (message.c:480)
==17310== by 0x433817: print_e2fsck_message (message.c:552)
==17310== by 0x4325D1: fix_problem (problem.c:2130)
==17310== by 0x424A8B: check_dir_block (pass2.c:973)
==17310== by 0x44AF96: ext2fs_dblist_iterate2 (dblist.c:211)
==17310== by 0x422E34: e2fsck_pass2 (pass2.c:149)
==17310== by 0x4149DF: e2fsck_run (e2fsck.c:230)
==17310== by 0x4139E6: main (unix.c:1649)
[...]
???).
------------------------------------------------------------
Sami
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists