First Last Prev Next    This bug is not in your last search results.
Bug 480112 - mtools fails
mtools fails
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: mtools (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F11Alpha/F11AlphaBlocker
  Show dependency treegraph
 
Reported: 2009-01-14 23:53 EST by Bill Nottingham
Modified: 2014-03-16 23:17 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-21 13:44:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Bill Nottingham 2009-01-14 23:53:59 EST 
Description of problem:

In file_name.c:

wchar_t *unix_name(doscp_t *dosCp, ...

        char *s, tname[9], text[4], ans[11];
...
        if (*text) {
                strcpy(ans, tname);
                strcat(ans, ".");
                strcat(ans, text);
        }

Oddly enough...

/usr/bin/mcopy -D o -D O -o - s:/ldlinux.sys
*** buffer overflow detected ***: /usr/bin/mcopy terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff7b4d717]
/lib64/libc.so.6[0x7ffff7b4b5c0]
/lib64/libc.so.6[0x7ffff7b4a3ad]
/usr/bin/mcopy[0x40a33f]
/usr/bin/mcopy[0x41ce5b]
/usr/bin/mcopy[0x41570d]
/usr/bin/mcopy[0x41592e]
/usr/bin/mcopy[0x40e915]

Version-Release number of selected component (if applicable):

mtools-4.0.0-2.fc11.x86_64
Comment 1 Jeremy Katz 2009-01-16 11:40:54 EST 
This stops people from using live images off of a USB stick, so sticking on the alpha blocker list.
Comment 2 Adam Tkac 2009-01-21 07:08:36 EST 
(In reply to comment #0)
> Description of problem:
> 
> In file_name.c:
> 
> wchar_t *unix_name(doscp_t *dosCp, ...
> 
>         char *s, tname[9], text[4], ans[11];
> ...
>         if (*text) {
>                 strcpy(ans, tname);
>                 strcat(ans, ".");
>                 strcat(ans, text);
>         }
> 
> Oddly enough...
> 

It is a bug but I'm not 100% sure that your crash is due this "off-by-two" error. Could you attach backtrace/core dump, please? Thanks
Comment 3 Bill Nottingham 2009-01-21 13:26:05 EST 
Don't have it at the moment. However, a s/11/13/ patch makes it not happen.
Comment 4 Adam Tkac 2009-01-21 13:44:55 EST 
fixed in mtools-4.0.0-3.fc11
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.