Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / e2fsprogs / 8b5273d5d10d180d981381353d2c88fee5744a2d
commit8b5273d5d10d180d981381353d2c88fee5744a2d[log] [tgz]
authorTheodore Ts'o <tytso@mit.edu>Fri Jun 22 10:46:52 2018 -0400
committerTheodore Ts'o <tytso@mit.edu>Fri Jun 22 11:26:15 2018 -0400
tree1fffe68d3e2524546da9de90feba24522ec130b1
parenta691f8d844faca28524b7c55780873244a070be7 [diff]
libext2fs: don't corrupt an blkmap64_rb when marking a range of size zero

Calling ext2fs_mark_block_bitmap_range2() with a count of zero can end
up corrupting the red-black block bitmap structure, since a an entry
in the rbtree with zero-length extent can end up causing the
find_first_{zero,set} operations to return incorrect results.

This was found by Adam Buchbinder, who created a fuzzed file system
using which AFL that caused e2fsck to hang in an infinite loop in in
e2fsck's readahead code.

Added a regression test to detect this failure.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
3 files changed
tree: 1fffe68d3e2524546da9de90feba24522ec130b1
  1. config/
  2. contrib/
  3. debian/
  4. debugfs/
  5. doc/
  6. e2fsck/
  7. ext2ed/
  8. include/
  9. install-utils/
  10. intl/
  11. lib/
  12. misc/
  13. po/
  14. resize/
  15. tests/
  16. util/
  17. RELEASE-NOTESdoc/RelNotes/v1.44.1.txt
  18. .gitignore
  19. .hgignore
  20. .missing-copyright
  21. .release-checklist
  22. ABOUT-NLS
  23. acinclude.m4
  24. aclocal.m4
  25. Android.bp
  26. CleanSpec.mk
  27. configure
  28. configure.ac
  29. depfix.sed
  30. e2fsprogs.lsm
  31. e2fsprogs.spec.in
  32. INSTALL
  33. INSTALL.elfbin
  34. Makefile.in
  35. MCONFIG.in
  36. NOTICE
  37. README
  38. README.subset
  39. SHLIBS
  40. SUBMITTING-PATCHES
  41. TODO
  42. version.h
  43. wordwrap.pl