This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 152349 - fsck.vfat crashes when checking a corrupted floppy image
fsck.vfat crashes when checking a corrupted floppy image
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: dosfstools (Show other bugs)
3
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Peter Vrabec
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-28 13:59 EST by Christophe GRENIER
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-13 09:38:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Christophe GRENIER 2005-03-28 13:59:40 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
When checking the filenames, fsck.vfat segfaults. See gdb output.
The root directory of the floppy is corrupted, fsck.vfat failed to correct the problem.

Version-Release number of selected component (if applicable):
dosfstools-2.8-15

How reproducible:
Always

Steps to Reproduce:
1. wget http://www.cgsecurity.org/floppy2.iso
2. fsck.vfat -a floppy2.iso
  

Actual Results:  Extract of gdb output
(gdb) bt full
#0  0x003c352a in memcpy () from /lib/tls/libc.so.6
No symbol table info available.
#1  0x0804f7d6 in copy_lfn_part (dst=0xffffffcc <Address 0xffffffcc out of bounds>, lfn=0xbfe47130) at lfn.c:111
No locals.
#2  0x0804ffc5 in lfn_add_slot (de=0xbfe47130, dir_offset=24544) at lfn.c:315
        lfn = (LFN_ENT *) 0xbfe47130
        offset = 4294967244
#3  0x0804c890 in add_file (fs=0xbfe47260, chain=0xbfe471ac, parent=0x96b4ec8, offset=24544, cp=0x0) at check.c:760
        new = (DOS_FILE *) 0x0
        de = {name = "\203|\026\000\037�\000", ext = "t\022�", attr = 15 '\017', lcase = 1 '\001', ctime_ms = 114 'r',
  ctime = 59405, cdate = 490, adate = 65470, starthi = 30207, time = 17926, date = 53480, start = 63488, size = 3324967107}
        type = fdt_none
#4  0x0804ca94 in scan_dir (fs=0xbfe47260, this=0x96b4ec8, cp=0x0) at check.c:800
        chain = (DOS_FILE **) 0x96cd570
        i = 5088
        clu_num = 16
#5  0x0804cbdf in subdirs (fs=0xbfe47260, parent=0x0, cp=0x8055da0) at check.c:821
        walk = (DOS_FILE *) 0x96b4ec8
#6  0x0804ccdd in scan_root (fs=0xbfe47260) at check.c:843
        chain = (DOS_FILE **) 0x96c4330
        i = 224
#7  0x0804d299 in main (argc=3, argv=0xbfe47354) at dosfsck.c:143
        fs = {fat_start = 512, fat_size = 4608, fat_bits = 12, eff_fat_bits = 12, root_cluster = 0, root_start = 9728,
  root_entries = 224, data_start = 16896, cluster_size = 512, clusters = 2847, fsinfo_start = 0, free_clusters = -1,
  backupboot_start = 20195778039382016, fat = 0x96b7258}
        rw = 1
        salvage_files = 1
        verify = 0
        c = -1
        free_clusters = 3219419796
(gdb)

Expected Results:  The invalid filenames must be discard.

Additional info:
Comment 1 Peter Vrabec 2005-10-13 09:38:10 EDT
fixed in devel, dosfstools-2.11-1

Note You need to log in before you can comment on or make changes to this bug.