Bug 161568 - mkfs.jfs throws buffer overflow error and stack trace
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: jfsutils (Show other bugs)
Version: rawhide
Hardware: i386 Linux
Priority: medium Severity: high
Assigned To: Jeff Garzik
bzcl34nup
Depends On:
Blocks:
Reported: 2005-06-24 11:14 EDT by Michael Lee Yohe
Modified: 2013-07-02 22:25 EDT (History)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-06 20:11:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments
Fix a really stupid bug in Is_Device_Mounted() (1.52 KB, patch)
2005-09-15 12:27 EDT, Dave Kleikamp

Description Michael Lee Yohe 2005-06-24 11:14:43 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
I'm attempting to create a 60G jfs file system on a loopback file ('nuff said).  I can create reiserfs on the loopback device all day long.  However, mkfs.jfs throws an error:

mkfs.jfs version 1.1.7, 22-Jul-2004
*** buffer overflow detected ***: mkfs.jfs terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x843565]
/lib/libc.so.6(__strcpy_chk+0x3f)[0x842bf7]
mkfs.jfs[0x804d73a]
mkfs.jfs[0x804c111]
/lib/libc.so.6(__libc_start_main+0xc6)[0x779de6]
mkfs.jfs[0x8049161]
Aborted


Version-Release number of selected component (if applicable):
jfsutils-1.1.7-2

How reproducible:
Always

Steps to Reproduce:
1. see above
  

Actual Results:  The stack trace.

Expected Results:  Works as advertised.

Additional info:
Comment 1 Andrew Zabolotny 2005-08-26 14:24:50 EDT
Same here. If you have a JFS partition and you happened to crash, on next boot
fsck.jfs is automatically launched, which leads to the following:

[5|root@zap|/mnt]fsck.jfs /dev/hda10
fsck.jfs version 1.1.7, 22-Jul-2004
processing started: 8/26/2005 22.18.15
*** buffer overflow detected ***: fsck.jfs terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xa7ed7565]
/lib/libc.so.6(__strcpy_chk+0x3f)[0xa7ed6bf7]
fsck.jfs[0x806f6fa]
fsck.jfs[0x806e0ac]
fsck.jfs[0x806ed51]
/lib/libc.so.6(__libc_start_main+0xc6)[0xa7e0dde6]
fsck.jfs[0x80492a1]
Aborted
[5|root@zap|/mnt]rpm -q jfsutils
jfsutils-1.1.7-2

Downgrading to jfsutils 1.1.7 from Fedora Core 3 helps:

[5|root@zap|/mnt]rpm -Uvh jfsutils-1.1.7-1.i386.rpm --force
Preparing...                ########################################### [100%]
   1:jfsutils               ########################################### [100%]
[5|root@zap|/mnt]fsck.jfs /dev/hda10
fsck.jfs version 1.1.7, 22-Jul-2004
processing started: 8/26/2005 22.24.34
Using default parameter: -p
The current device is:  /dev/hda10
Block size in bytes:  4096
Filesystem size in blocks:  1000038
**Phase 0 - Replay Journal Log
Filesystem is clean.
Comment 2 Dave Kleikamp 2005-09-15 12:27:53 EDT
Created attachment 118860 [details]
Fix a really stupid bug in Is_Device_Mounted()

This should fix the problem.  jfs code assumed the root file system type was
less than 6 characters.  I'm guessing your root is reiserfs?
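The mistake Dave describes (a buffer sized for a root file system type shorter than six characters, overrun by a strcpy of a longer name such as reiserfs, which is what __strcpy_chk in the backtraces above caught) beside a bounds-checked replacement, as an added C example. This is not jfsutils code; the mounts line, the field-parsing helper and the buffer size are constructed for illustration.

```c
/* Added example (not jfsutils code): bounded extraction of the fs type from a
 * /proc/mounts-style line.  Buffer size and sample line are constructed. */
#include <stdio.h>
#include <string.h>

#define FSTYPE_BUF 6   /* constructed: fits "ext3" + NUL, but not "reiserfs" */

/* Constructed mounts line: device, mount point, fs type, options, dump, pass. */
static const char SAMPLE_MOUNT_LINE[] =
    "/dev/mapper/vg0-root / reiserfs rw,noatime 0 0";

/* Locate the third whitespace-separated field (the fs type).  Returns its length
 * or -1 if there are fewer than three fields; *start points into line. */
int mounts_fstype_field(const char *line, const char **start)
{
    const char *p = line;
    for (int field = 0; field < 2; field++) {
        p += strcspn(p, " \t");   /* to the end of the current field */
        p += strspn(p, " \t");    /* over the separator */
        if (*p == '\0') return -1;
    }
    *start = p;
    return (int)strcspn(p, " \t\n");
}

/* Bounded copy into out[outsz].  Returns 0 on success, -1 (with out emptied)
 * when the type would not fit: the case a bare strcpy into char[FSTYPE_BUF]
 * turned into the stack overflow that __strcpy_chk reported. */
int copy_fstype_checked(const char *line, char *out, size_t outsz)
{
    const char *start;
    int len = mounts_fstype_field(line, &start);
    if (len < 0 || (size_t)len >= outsz) {
        if (outsz > 0) out[0] = '\0';
        return -1;
    }
    memcpy(out, start, (size_t)len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char small[FSTYPE_BUF];
    if (copy_fstype_checked(SAMPLE_MOUNT_LINE, small, sizeof small) != 0)
        printf("fs type does not fit in %zu bytes, refusing to copy\n", sizeof small);
    return 0;
}
```

With the constructed line and the six-byte buffer the copy is refused and the program reports it; enlarging the buffer (or fixing the size assumption, as the attached patch does) lets "reiserfs" through.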
Comment 3 Michael Lee Yohe 2005-09-15 15:45:54 EDT
The root file system on my Linux box is lvm/reiserfs.  I will see if that patch
helps out or not.
Comment 4 Marcin Garski 2006-06-17 16:42:14 EDT
This fix is included in jfsutils-1.1.11 release (from 06-05-2006).

Changes in 1.1.11:
* Fix infinite loop when mkfs.jfs is invoked with -c
* avoid infinite loop in xTree_binsrch_page
* Fix buffer overflow
* Fix segfault on s390
* Fix segfault in markImap
* Add compiler flags to generate useful warnings
* Code cleanup
Comment 5 Marcin Garski 2006-06-19 18:39:58 EDT
My 3 cents. While updating the package to 1.1.11, you could also change the URL to the new
one: http://jfs.sourceforge.net/
Comment 6 Christian Iseli 2007-01-19 19:30:17 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Thanks.
Comment 7 Marcin Garski 2007-01-20 18:56:18 EST
It still applies even to the devel branch, because devel includes jfsutils-1.1.10
which is affected by this bug.
Comment 8 Dave Kleikamp 2007-01-20 19:14:41 EST
This bug was actually fixed in jfsutils-1.1.9.

New in 1.1.9 - 2005-10-04
* Add support for Dragonfly BSD.  I/O to block devices must be done through
  aligned buffers.  Change to use stream I/O to avoid problems.
* Reduce memory usage in fsck by removing structure members and code relating
  to OS/2 DASD limits.
* Fix stack buffer overflow in Is_Device_Mounted  <<<<< This one

I would still recommend updating to jfsutils-1.1.11 for the other fixes.
Comment 9 Marcin Garski 2007-01-20 19:48:06 EST
Oops sorry, I have jumbled bugs :]
Comment 10 Bug Zapper 2008-04-03 12:13:28 EDT
Based on the date this bug was created, it appears to have been reported
against rawhide during the development of a Fedora release that is no
longer maintained. In order to refocus our efforts as a project we are
flagging all of the open bugs for releases which are no longer
maintained. If this bug remains in NEEDINFO thirty (30) days from now,
we will automatically close it.

If you can reproduce this bug in a maintained Fedora version (7, 8, or
rawhide), please change this bug to the respective version and change
the status to ASSIGNED. (If you're unable to change the bug's version
or status, add a comment to the bug and someone will change it for you.)

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
Comment 11 Bug Zapper 2008-05-06 20:11:48 EDT
This bug has been in NEEDINFO for more than 30 days since feedback was
first requested. As a result we are closing it.

If you can reproduce this bug in the future against a maintained Fedora
version please feel free to reopen it against that version.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp
