Bug 1007847

Summary: sgdisk -i segfaults when parameter is too large
Product: [Fedora] Fedora Reporter: Richard W.M. Jones <rjones>
Component: gdiskAssignee: Terje Røsten <terje.rosten>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: bfan, leiwang, orion, wshi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: gdisk-0.8.7-2.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1007761 Environment:
Last Closed: 2013-09-23 00:30:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1007761    
Attachments:
Description Flags
gdisk-0.8.7-add-range-check.patch none

Description Richard W.M. Jones 2013-09-13 12:59:35 UTC 
+++ This bug was initially created as a clone of Bug #1007761 +++

Description of problem:

$ sgdisk /dev/sda -i 1185

***************************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format
in memory. 
***************************************************************

Segmentation fault (core dumped)

The stack trace is:

Program received signal SIGSEGV, Segmentation fault.
GPTPart::ShowDetails (this=0x851018, blockSize=512) at gptpart.cc:210
210	   if (firstLBA != 0) {
(gdb) bt
#0  GPTPart::ShowDetails (this=0x851018, blockSize=512) at gptpart.cc:210
#1  0x000000000041015e in GPTData::ShowPartDetails (
    this=this@entry=0x7fffffffc470, partNum=<optimized out>) at gpt.cc:1406
#2  0x00000000004193d1 in GPTDataCL::DoOptions (
    this=this@entry=0x7fffffffc470, argc=argc@entry=4, 
    argv=argv@entry=0x7fffffffde48) at gptcl.cc:255
#3  0x0000000000402dd6 in main (argc=4, argv=0x7fffffffde48) at sgdisk.cc:20
Comment 1 Richard W.M. Jones 2013-09-13 13:09:37 UTC 
Also fails on Fedora Rawhide.

The issue is that partNum is passed direct from the command
line (actually partNum == 1185-1 here) and is not bounds-checked
at all, so:

(gdb) frame 1
#1  0x000000000041015e in GPTData::ShowPartDetails (
    this=this@entry=0x7fffffffc470, partNum=<optimized out>) at gpt.cc:1406
1406	      partitions[partNum].ShowDetails(blockSize);

fails in the array index.
Comment 2 Richard W.M. Jones 2013-09-13 13:18:55 UTC 
Created attachment 797335 [details]
gdisk-0.8.7-add-range-check.patch

I pushed this patch to Rawhide.  Will send it upstream shortly.
Comment 3 Richard W.M. Jones 2013-09-13 13:42:42 UTC 
Was not meant to be private.
Comment 4 Terje Røsten 2013-09-15 12:03:50 UTC 
Thanks for report and patch!
Comment 5 Fedora Update System 2013-09-15 12:17:10 UTC 
gdisk-0.8.7-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/gdisk-0.8.7-2.fc19
Comment 6 Fedora Update System 2013-09-15 12:17:20 UTC 
gdisk-0.8.7-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/gdisk-0.8.7-2.fc20
Comment 7 Fedora Update System 2013-09-15 12:17:30 UTC 
gdisk-0.8.7-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/gdisk-0.8.7-2.fc18
Comment 8 Fedora Update System 2013-09-15 17:35:56 UTC 
Package gdisk-0.8.7-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing gdisk-0.8.7-2.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-16778/gdisk-0.8.7-2.fc20
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2013-09-23 00:30:34 UTC 
gdisk-0.8.7-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2013-09-30 00:49:35 UTC 
gdisk-0.8.7-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2013-10-01 02:08:40 UTC 
gdisk-0.8.7-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.