+++ This bug was initially created as a clone of Bug #674095 +++

abrt version: 1.1.14
architecture: i686
Attached file: backtrace
cmdline: fsck.vfat -y /dev/sdb1
component: dosfstools
crash_function: _IO_str_chk_overflow
executable: /sbin/dosfsck
kernel: 2.6.35.10-74.fc14.i686.PAE
package: dosfstools-3.0.9-4.fc14
rating: 4
reason: Process /sbin/dosfsck was killed by signal 6 (SIGABRT)
release: Fedora release 14 (Laughlin)
time: 1296489853
uid: 0

How to reproduce
-----
1. tried to fsck a broken usb flash device
2.
3.

--- Additional comment from mads on 2011-01-31 17:13:48 CET ---

Created attachment 476222 [details]
File: backtrace

--- Additional comment from jskarvad on 2011-01-31 17:47:37 CET ---

Thanks, got it from the backtrace.

--- Additional comment from jskarvad on 2011-01-31 17:50:06 CET ---

Created attachment 476231 [details]
Fix alloc_rootdir_entry buffer overflow

--- Additional comment from jskarvad on 2011-01-31 17:51:47 CET ---

Please try the following experimental build on your broken USB flash drive and report the results:
http://koji.fedoraproject.org/koji/taskinfo?taskID=2753262

--- Additional comment from mads on 2011-01-31 18:33:02 CET ---

Thanks, seems to work fine.

(But I wonder why it also found'n'fixed errors the second time I ran it. I would expect it to warn me the first time if that was likely to be necessary. Or is it common knowledge that fsck must be rerun until no failures are found?)

[root@dev-mk ~]# rpm -q dosfstools
dosfstools-3.0.9-5.fc14.i686
[root@dev-mk ~]# fsck -y /dev/sdb1
fsck from util-linux-ng 2.18
dosfsck 3.0.9, 31 Jan 2010, FAT32, LFN
Reclaimed 7 unused clusters (114688 bytes) in 4 chains.
Performing changes.
/dev/sdb1: 739 files, 23270/62952 clusters
[root@dev-mk ~]# fsck -y /dev/sdb1
fsck from util-linux-ng 2.18
dosfsck 3.0.9, 31 Jan 2010, FAT32, LFN
/FSCK0000.\000\000\000
  Bad file name.
  Auto-renaming it.
  Renamed to FSCK0000.000
/FSCK0001.\000\000\000
  Bad file name.
  Auto-renaming it.
  Renamed to FSCK0000.001
/FSCK0002.\000\000\000
  Bad file name.
  Auto-renaming it.
  Renamed to FSCK0000.002
/FSCK0003.\000\000\000
  Bad file name.
  Auto-renaming it.
  Renamed to FSCK0000.003
Performing changes.
/dev/sdb1: 739 files, 23270/62952 clusters
[root@dev-mk ~]# fsck -y /dev/sdb1
fsck from util-linux-ng 2.18
dosfsck 3.0.9, 31 Jan 2010, FAT32, LFN
/dev/sdb1: 739 files, 23270/62952 clusters
[root@dev-mk ~]#

--- Additional comment from jskarvad on 2011-02-01 09:28:37 CET ---

Thanks, got it. It is another problem ;) I will push patches for both issues into update testing and I will also post it upstream. Watch this bugzilla for progress.

--- Additional comment from jskarvad on 2011-02-01 12:47:27 CET ---

Created attachment 476370 [details]
Fix alloc_rootdir_entry buffer overflow

Updated patch addressing the issue from comment 5. Before applying, the dosfstools-3.0.9-fix-reclaim-file.patch must be also dropped.

--- Additional comment from jskarvad on 2011-02-01 12:56:23 CET ---

Updated scratch build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=2754353

Patch sent upstream. Waiting for comments.

--- Additional comment from jskarvad on 2011-02-14 17:23:35 CET ---

Created attachment 478664 [details]
Reproducer

Should return 0 on PASS, 1 on FAIL.

--- Additional comment from updates on 2011-02-14 17:27:35 CET ---

dosfstools-3.0.9-5.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc14

--- Additional comment from updates on 2011-02-14 18:14:39 CET ---

dosfstools-3.0.9-4.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-4.fc13

--- Additional comment from updates on 2011-02-14 18:28:01 CET ---

dosfstools-3.0.11-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/dosfstools-3.0.11-3.fc15

--- Additional comment from updates on 2011-02-14 21:27:40 CET ---

dosfstools-3.0.9-5.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update dosfstools'.
You can provide feedback for this update here:
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc14
Reproducer is in attachment 478664 [details]
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative.
*** Bug 684181 has been marked as a duplicate of this bug. ***
Bugfix was verified on dosfstools-3.0.9-4.el6 package on all supported architectures. dosfsck doesn't crash on broken fs anymore.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
The fsck.vfat utility terminated due to a buffer overflow. This occurred when checking a device with a corrupted VFAT file system if there were any chains of orphaned clusters. The name of the newly created file that contained these clusters was printed directly into the name field, which led to an out of boundary write. The name is now printed into the buffer and individual parts are then correctly copied into the appropriate field.
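The pattern the technical note describes (format into a buffer, then copy each part into its own field), as an added C example that is not part of the original bug report and not taken from the dosfstools patch. The struct layout, the function name set_recovered_name and the REC extension are assumptions made for illustration; the FSCK%04u prefix follows the FSCK0000-style names in the fsck output above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a FAT short-name entry: 8-byte name and 3-byte
   extension, no NUL terminator. attr is the neighbouring field. */
struct dir_ent {
    unsigned char name[8];
    unsigned char ext[3];
    unsigned char attr;
};

/* Unsafe pattern described in the note (shown as a comment only):
 *     sprintf((char *)de->name, "FSCK%04uREC", num);
 * That writes 11 characters plus a NUL through a pointer to an 8-byte
 * array, which a fortified libc reports by aborting the process. */

/* Bounded version: format into a scratch buffer, verify the length, then
   copy each part into its own field. Returns 0 on success, -1 if the
   number does not fit the 8.3 pattern (the entry is left untouched). */
int set_recovered_name(struct dir_ent *de, unsigned num)
{
    char buf[8 + 3 + 1];   /* name + ext + NUL */
    int n = snprintf(buf, sizeof buf, "FSCK%04uREC", num);

    if (n != 8 + 3)        /* would not fit 8.3 exactly: refuse */
        return -1;
    memcpy(de->name, buf, sizeof de->name);
    memcpy(de->ext, buf + sizeof de->name, sizeof de->ext);
    return 0;
}

int main(void)
{
    struct dir_ent de;
    memset(&de, 0xAA, sizeof de);   /* sentinel pattern (constructed) */

    int rc = set_recovered_name(&de, 7);
    printf("rc=%d name=%.8s ext=%.3s attr=0x%02X\n",
           rc, (const char *)de.name, (const char *)de.ext, de.attr);
    printf("rc for 10000: %d\n", set_recovered_name(&de, 10000));
    return 0;
}
```

The sentinel in attr shows that nothing past the 11 name bytes is touched, and the 10000 case shows the length check rejecting a name that no longer fits.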
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1552.html