URL:
<http://savannah.gnu.org/bugs/?51188>
Summary: FPE (division by zero) in grub_ext2_read_inode()
Project: GNU GRUB
Submitted by: fumfel
Submitted on: Tue 06 Jun 2017 11:00:13 AM UTC
Category: Filesystem
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: other
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
While fuzzing radare2 I found an FPE in the function grub_ext2_read_inode().
Original issue with repro: https://github.com/radare/radare2/issues/7650
ASAN from r2:
==10375==ERROR: AddressSanitizer: FPE on unknown address 0x7fb2f4af4726 (pc 0x7fb2f4af4726 bp 0x7fff41d52850 sp 0x7fff41d52720 T0)
#0 0x7fb2f4af4725 in grub_ext2_read_inode XYZ/radare2/shlr/grub/fs/ext2.c:525:29
#1 0x7fb2f4af2ce4 in grub_ext2_mount XYZ/radare2/shlr/grub/fs/ext2.c:593:3
#2 0x7fb2f4af19ac in grub_ext2_dir XYZ/radare2/shlr/grub/fs/ext2.c:863:10
#3 0x7fb2f4ad2c58 in ext2__mount XYZ/radare2/libr/fs/p/fs_grub_base.c:74:8
#4 0x7fb2f4addeaa in r_fs_mount XYZ/radare2/libr/fs/fs.c:151:7
#5 0x7fb2f7ef996b in cmd_mount XYZ/radare2/libr/core/./cmd_mount.c:49:9
#6 0x7fb2f80be7df in r_cmd_call XYZ/radare2/libr/core/cmd_api.c:226:10
#7 0x7fb2f7faddeb in r_core_cmd_subst_i XYZ/radare2/libr/core/cmd.c:2178:12
#8 0x7fb2f7ef6127 in r_core_cmd_subst XYZ/radare2/libr/core/cmd.c:1368:9
#9 0x7fb2f7eef8b9 in r_core_cmd XYZ/radare2/libr/core/cmd.c:2786:9
#10 0x7fb2f7eda74f in r_core_cmdf XYZ/radare2/libr/core/cmd.c:2942:8
#11 0x7fb2f8098e42 in bin_info XYZ/radare2/libr/core/cbin.c:621:4
#12 0x7fb2f8098e42 in r_core_bin_info XYZ/radare2/libr/core/cbin.c:2870
#13 0x7fb2f8089531 in r_core_bin_set_env XYZ/radare2/libr/core/cbin.c:115:3
#14 0x7fb2f8015064 in r_core_file_do_load_for_io_plugin XYZ/radare2/libr/core/file.c:434:2
#15 0x7fb2f8015064 in r_core_bin_load XYZ/radare2/libr/core/file.c:567
#16 0x55e7cf695f6b in main XYZ/radare2/binr/radare2/radare2.c:952:14
#17 0x7fb2f0bae82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#18 0x55e7cf5c5f38 in _start (/usr/local/bin/radare2+0x20f38)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE XYZ/radare2/shlr/grub/fs/ext2.c:525:29 in grub_ext2_read_inode
==10375==ABORTING