Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / e2fsprogs / d45b67c5f2a66597d8e2915052e180203a9193b8
commitd45b67c5f2a66597d8e2915052e180203a9193b8[log] [tgz]
authorJim Keniston <jkenisto@us.ibm.com>Mon Aug 06 18:46:03 2012 -0400
committerTheodore Ts'o <tytso@mit.edu>Mon Aug 06 18:46:42 2012 -0400
treeda75e6d05667a64600d60a98d92faeeab98cae45
parentd5aa6a82b37a0e78d8882601e6ad9da9d9dcb4da [diff]
e2fsck: fix potential segv when handling a read error in a superblock

When passed a negative count (indicating a byte count rather than
a block count) e2fsck_handle_read_error() treats the data as a full
block, causing unix_write_blk64() (which can handle negative counts
just fine) to try to write too much.  Given a faulty block device,
this resulted in a SEGV when unix_write_blk64() read past the bottom
of the stack copying the data to cache.  (check_backup_super_block ->
unix_read_blk64 -> raw_read_blk -> e2fsck_handle_read_error)

Reported-by: Alex Friedman <alexfr@il.ibm.com>
Signed-off-by: Jim Keniston <jkenisto@us.ibm.com>
Signed-off-by: Dan Streetman <ddstreet@us.ibm.com>
Reviewed-by: Mingming Cao <mcao@us.ibm.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
1 file changed
tree: da75e6d05667a64600d60a98d92faeeab98cae45
  1. config/
  2. contrib/
  3. debian/
  4. debugfs/
  5. doc/
  6. e2fsck/
  7. ext2ed/
  8. include/
  9. install-utils/
  10. intl/
  11. lib/
  12. misc/
  13. po/
  14. resize/
  15. tests/
  16. util/
  17. .gitignore
  18. .hgignore
  19. .missing-copyright
  20. .release-checklist
  21. ABOUT-NLS
  22. aclocal.m4
  23. configure
  24. configure.in
  25. COPYING
  26. depfix.sed
  27. e2fsprogs.lsm
  28. e2fsprogs.spec.in
  29. INSTALL
  30. INSTALL.elfbin
  31. Makefile.in
  32. MCONFIG.in
  33. README
  34. README.subset
  35. RELEASE-NOTES
  36. SHLIBS
  37. SUBMITTING-PATCHES
  38. TODO
  39. version.h
  40. wordwrap.pl