Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / squashfs-tools / 4be6d450246def726fb482674ea6c1c6a47f7808
commit4be6d450246def726fb482674ea6c1c6a47f7808[log] [tgz]
authorPhillip Lougher <phillip@squashfs.org.uk>Wed Sep 03 02:20:55 2014 +0100
committerMohamad Ayyash <mkayyash@google.com>Mon Feb 23 12:36:45 2015 -0800
treee514e91af020fbe47dd0b641a56ca5ff05a6bafb
parentfc108138a24af93e2dec05f84240074bdcf1ca14 [diff]
mksquashfs: fix cmdline arg free if >1 source dir and one of them is excluded

If you specify multiple sources (directories and/or files) on the command
line, Mksquashfs will merge those sources into a root directory
containing all of them.  This is different to the behaviour when
a single directory is specified, in which case Mksquashfs creates
a filesystem with the root containing the contents of the source
directory.

The difference manifests itself in the way the pathname of each
of the directory entries is stored/obtained.  Normally to reduce
runtime overhead when the directory entries have all come from the
same parent directory, the source pathname is not stored in each
directory entry, but is computed from the source pathname of the
parent directory.  But in the case of the "dummy" root created
to merge multiple sources specified on the command line, each
directory entry does not share the same parent pathname, and so
the source pathname of each directory entry is stored in the
nonstandard_pathname field.  This nonstandard_pathname was originally
filled in using a pointer to the source pathname on the command line.

Now, if you later exclude one of these source directories, Mksquashfs
will free the storage, and it will try and free the nonstandard_pathname
field, which leads to a crash as you cannot free a command line argument.

The fix to this is to strdup the command line source and store the
copy in the directory entry.

This is not considered a serious bug, it has not been reported, and
the scenario was discovered by chance whilst looking at the code.
Additionally the trigger scenario is highly artificial and there
is no use-case where this bug will be triggered.  To trigger it you
need to specifiy multiple source command arguments, and then you
need to exclude one of them.  But, if you explicitly specified it
on the command line why would you later exclude it, and if
you did want to exclude it the obvious way would be to remove it
from the command line.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
1 file changed
tree: e514e91af020fbe47dd0b641a56ca5ff05a6bafb
  1. kernel/
  2. kernel-2.4/
  3. RELEASE-READMEs/
  4. squashfs-tools/
  5. ACKNOWLEDGEMENTS
  6. CHANGES
  7. COPYING
  8. INSTALL
  9. README
  10. RELEASE-README