Bug 955713

Summary: dosfslabel buffer overflow
Product: [Fedora] Fedora
Reporter: Tomas Dolezal <todoleza>
Component: dosfstools
Assignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 18
CC: jskarvad, maxantispam
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2013-05-07 08:32:32 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Tomas Dolezal 2013-04-23 15:23:19 UTC
Description of problem:
Using the latest livecd-tools on flash-disk media causes a dosfslabel buffer overflow.

Version-Release number of selected component (if applicable):
dosfstools-3.0.16-2.fc18.x86_64
livecd-tools-18.15-1.fc18.x86_64

How reproducible:
always

Steps to Reproduce:
1. mount usb flash
2. execute `livecd-iso-to-disk pm-test-day-live-f19-20130417-x86_64.iso /dev/sda1` #virt machine on /dev/vda
  
Actual results:
<snip>
*** buffer overflow detected ***: /sbin/dosfslabel terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3da7b0a6b7]
/lib64/libc.so.6[0x3da7b08830]
/lib64/libc.so.6[0x3da7b07cb9]
/lib64/libc.so.6(_IO_default_xsputn+0xdb)[0x3da7a78f1b]
/lib64/libc.so.6(_IO_vfprintf+0xe8)[0x3da7a46b08]
/lib64/libc.so.6(__vsprintf_chk+0x97)[0x3da7b07d57]
/lib64/libc.so.6(__sprintf_chk+0x7d)[0x3da7b07c9d]
/sbin/dosfslabel[0x404748]
/sbin/dosfslabel[0x402988]
/sbin/dosfslabel[0x4013fb]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x3da7a21a05]
/sbin/dosfslabel[0x4015fd]
======= Memory map: ========
00400000-0040c000 r-xp 00000000 fd:01 8077                               /usr/sbin/dosfslabel
0060b000-0060c000 r--p 0000b000 fd:01 8077                               /usr/sbin/dosfslabel
0060c000-0060d000 rw-p 0000c000 fd:01 8077                               /usr/sbin/dosfslabel
0060d000-0060f000 rw-p 00000000 00:00 0 
0080c000-0080d000 rw-p 0000c000 fd:01 8077                               /usr/sbin/dosfslabel
024f5000-02516000 rw-p 00000000 00:00 0                                  [heap]
3da7600000-3da7620000 r-xp 00000000 fd:01 16246                          /usr/lib64/ld-2.16.so
3da7820000-3da7821000 r--p 00020000 fd:01 16246                          /usr/lib64/ld-2.16.so
3da7821000-3da7822000 rw-p 00021000 fd:01 16246                          /usr/lib64/ld-2.16.so
3da7822000-3da7823000 rw-p 00000000 00:00 0 
3da7a00000-3da7bad000 r-xp 00000000 fd:01 16247                          /usr/lib64/libc-2.16.so
3da7bad000-3da7dad000 ---p 001ad000 fd:01 16247                          /usr/lib64/libc-2.16.so
3da7dad000-3da7db1000 r--p 001ad000 fd:01 16247                          /usr/lib64/libc-2.16.so
3da7db1000-3da7db3000 rw-p 001b1000 fd:01 16247                          /usr/lib64/libc-2.16.so
3da7db3000-3da7db8000 rw-p 00000000 00:00 0 
3da9e00000-3da9e15000 r-xp 00000000 fd:01 22867                          /usr/lib64/libgcc_s-4.7.2-20121109.so.1
3da9e15000-3daa014000 ---p 00015000 fd:01 22867                          /usr/lib64/libgcc_s-4.7.2-20121109.so.1
3daa014000-3daa015000 r--p 00014000 fd:01 22867                          /usr/lib64/libgcc_s-4.7.2-20121109.so.1
3daa015000-3daa016000 rw-p 00015000 fd:01 22867                          /usr/lib64/libgcc_s-4.7.2-20121109.so.1
7fe6483de000-7fe648e4c000 rw-p 00000000 00:00 0 
7fe648e53000-7fe648e55000 rw-p 00000000 00:00 0 
7fff54657000-7fff54678000 rw-p 00000000 00:00 0                          [stack]
7fff546f4000-7fff546f6000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/usr/bin/livecd-iso-to-disk: line 546:  1003 Aborted                 /sbin/dosfslabel $dev LIVE
</snip>

Expected results:
execution succeeds

Additional info:

Comment 1 Tomas Dolezal 2013-04-23 15:25:07 UTC
additional nvr information:
glibc-2.16-30.fc18.x86_64

Comment 2 MaxiPunkt 2013-04-27 10:42:52 UTC
Same here (FC18, 64bit), can be reproduced on real hardware (USB-Stick) or file:

$ dd if=/dev/zero of=./test-fat bs=512 count=200k
$ mkdosfs -v -F 32 ./test-fat
$ dosfslabel ./test-fat HELLO

=> Crash of dosfslabel with very similar symptoms...
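
An added illustration of the bug class the backtrace in the description reports: `__sprintf_chk -> __fortify_fail` is glibc's FORTIFY_SOURCE aborting a `sprintf()` whose output exceeds the size of its destination buffer. This is editor-supplied example code, not dosfstools source; the 12-byte label buffer, the `"%-11s"` format and the sample labels are assumptions chosen to show the pattern, which is that a minimum field width pads short input but does nothing to bound long input.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed example, not dosfstools code. A FAT volume label is 11 bytes,
 * space padded, so a C string holding one needs 12 bytes including the NUL.
 */
#define FAT_LABEL_LEN 11
#define FAT_LABEL_BUF (FAT_LABEL_LEN + 1)

/*
 * How many bytes sprintf(dst, "%-11s", label) would write past a buffer of
 * dst_size bytes. "%-11s" is a minimum field width: short labels are padded
 * to 11 characters, but longer ones are copied in full. Measuring with
 * snprintf(NULL, 0, ...) is safe; the real sprintf() would be the write that
 * glibc FORTIFY_SOURCE reports as __sprintf_chk -> __fortify_fail.
 * Returns 0 if the write fits, the overflow length otherwise, -1 on error.
 */
int label_overflow_bytes(size_t dst_size, const char *label)
{
    int needed = snprintf(NULL, 0, "%-11s", label);
    if (needed < 0)
        return -1;
    size_t total = (size_t)needed + 1;          /* plus terminating NUL */
    return total > dst_size ? (int)(total - dst_size) : 0;
}

/*
 * Hardened form: check the length up front, then use a bounded formatter
 * with an explicit precision ("%-11.11s") so no input can produce more than
 * 11 bytes. Over-long labels are rejected (-1) rather than silently
 * truncated, so the label written to the volume is the one the caller gave.
 */
int format_label_bounded(char *dst, size_t dst_size, const char *label)
{
    if (dst_size < FAT_LABEL_BUF)
        return -1;
    if (strlen(label) > FAT_LABEL_LEN) {
        dst[0] = '\0';
        return -1;
    }
    int n = snprintf(dst, dst_size, "%-11.11s", label);
    if (n < 0 || (size_t)n >= dst_size)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the label from Comment 2, the one livecd-iso-to-disk
       passes, and a 12-character label that a 12-byte buffer cannot hold. */
    const char *labels[] = { "HELLO", "LIVE", "TWELVECHARSX" };
    char buf[FAT_LABEL_BUF];

    for (size_t i = 0; i < sizeof labels / sizeof labels[0]; i++) {
        int over = label_overflow_bytes(sizeof buf, labels[i]);
        int rc = format_label_bounded(buf, sizeof buf, labels[i]);
        printf("%-13s unbounded sprintf overflows by %d byte(s); bounded rc=%d -> \"%s\"\n",
               labels[i], over, rc, buf);
    }
    return 0;
}
```

When a binary is built with `-O2 -D_FORTIFY_SOURCE=2`, as Fedora packages are, glibc replaces `sprintf` with `__sprintf_chk`, which knows the destination size and aborts with the "*** buffer overflow detected ***" message seen above instead of letting the write land. The example never calls the unbounded `sprintf`, so it runs to completion and only reports how many bytes that call would have overrun.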

Comment 3 Jaroslav Škarvada 2013-05-07 08:32:32 UTC
The problem should be fixed in dosfstools-3.0.16-3 currently in updates-testing for f18.

*** This bug has been marked as a duplicate of bug 948055 ***

Comment 4 MaxiPunkt 2013-05-11 18:17:33 UTC
Hi there,

I tested with dosfstools-3.0.16-3.fc18 which is in official updates now.
Does work for me as expected.

Thanks!