Here are the actual prints which helped me debug the issue:

tablesize= 12288
ROUND_UP(tablesize + 1)= 14336
ROUND_UP(tablesize)= 12288
12288 is an exact multiple of 2048 (the sector size), that's why ROUND_UP() does not change it. So you see, if we don't add 1 to 12288, ROUND_UP() gives us back the same tablesize, which does not leave space for the terminating null. Note also that the tablesize is computed by adding up the lengths of the lines in the translation table. So that does not add 1 for null termination either. (You have one out of 2048 chances to catch this, so 2048/15 years = 136 per year = 1 mkhybrid per 3 days for 15 years. Just kidding.)

On Tue, 2021-10-19 at 21:21 +0300, Soner Tari wrote:
> > Synopsis: In certain cases, mkhybrid(8) with -T crashes with
> segmentation fault.
>
> > Category: system
>
> Environment:
> System : OpenBSD 7.0
> Details : OpenBSD 7.0 (GENERIC.MP) #0: Fri Oct 15 05:21:14 +03 2021
> [email protected]:/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine : amd64
>
> > Description:
> This issue is due to an omission to allocate space for null
> termination.
>
> The code allocates tablesize space for the (char *) table field. Then,
> on line 520 in tree.c, the table field is used to accumulate the lines
> of the translation table. When the loop reaches the last line,
> sprintf() segfaults when it cannot find space for the terminating
> null.
>
> > How-To-Repeat:
> It is not possible to replicate this issue easily, because the
> tablesize is passed to the ROUND_UP() macro before being passed to
> e_malloc() and memset(). Apparently, ROUND_UP() successfully hides this
> null termination issue, while it is trying to adjust for the sector
> size. You should be (un-)lucky enough to catch it (I've been using
> mkhybrid for the past 15 years, and never had any problems).
>
> > Fix:
> I don't know if this issue is related with OpenBSD or gnu, but the
> following simple patch fixes it.
> > --- /usr/src/gnu/usr.sbin/mkhybrid/src/tree.c.orig Mon Oct 18 > 02:47:25 2021 > +++ /usr/src/gnu/usr.sbin/mkhybrid/src/tree.c Mon Oct 18 05:15:08 > 2021 > @@ -409,8 +409,8 @@ > table->filedir = this_dir; > table->de_flags |= INHIBIT_JOLIET_ENTRY; > table->name = strdup("<translation table>"); > - table->table = (char *) e_malloc(ROUND_UP(tablesize)); > - memset(table->table, 0, ROUND_UP(tablesize)); > + table->table = (char *) e_malloc(ROUND_UP(tablesize + 1)); > + memset(table->table, 0, ROUND_UP(tablesize + 1)); > #ifdef APPLE_HYB > iso9660_file_length (trans_tbl, table, 0); > #else >
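Review bot: the e_malloc() and memset() sizes now agree, but ROUND_UP(tablesize + 1) is spelled out twice; hoisting it into a local with a comment that the +1 is for the NUL sprintf() writes after the last line would keep the two calls from drifting apart, which matters here because ROUND_UP masked the mismatch for years. Beyond this hunk, the sprintf() loop at tree.c:520 that fills table->table should be checked against the allocated size (snprintf with the remaining space, or an assertion that the final offset is below the allocation), so a future miscount of tablesize truncates instead of writing past the buffer.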

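As an added example (not mkhybrid's code and not part of this thread), the arithmetic behind the prints above in C: it computes tablesize the way tree.c does, compares ROUND_UP(tablesize) with ROUND_UP(tablesize + 1), and fills a buffer with a sprintf() loop to show the NUL landing one byte past the original allocation. The ROUND_UP macro and the 2048-byte sector size are assumed to mirror mkhybrid's, and the translation-table lines are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR_SIZE 2048
/* Assumed to mirror mkhybrid's ROUND_UP: round n up to a sector multiple. */
#define ROUND_UP(n) ((((n) + SECTOR_SIZE - 1) / SECTOR_SIZE) * SECTOR_SIZE)

/* tablesize as tree.c computes it: the summed line lengths, no NUL counted. */
static size_t table_size(size_t nlines, size_t line_len) { return nlines * line_len; }

/* The original allocation and the patched one. */
static size_t alloc_buggy(size_t tablesize) { return ROUND_UP(tablesize); }
static size_t alloc_fixed(size_t tablesize) { return ROUND_UP(tablesize + 1); }

/* Is a byte left for the NUL that sprintf() writes after the last line? */
static int room_for_nul(size_t alloc, size_t tablesize) { return alloc > tablesize; }

/* Fill a table of alloc bytes the way the tree.c loop does (one sprintf per
 * line) and report whether the final NUL landed one past the allocation.
 * A guard byte after the allocation keeps the demo itself in bounds; the
 * constructed lines are line_len bytes of 'x' padding ending in a newline. */
static int nul_past_end(size_t nlines, size_t line_len, size_t alloc) {
    size_t tablesize = table_size(nlines, line_len), off = 0, i;
    char *line, *table;
    int past_end;
    if (line_len == 0 || alloc < tablesize) return -1;  /* not the case studied */
    line = malloc(line_len + 1);
    table = malloc(alloc + 1);                          /* +1: guard byte */
    if (!line || !table) { free(line); free(table); return -1; }
    memset(line, 'x', line_len);
    line[line_len - 1] = '\n';
    line[line_len] = '\0';
    memset(table, 0, alloc);
    table[alloc] = (char)0xAA;                          /* canary past the end */
    for (i = 0; i < nlines; i++) {
        sprintf(table + off, "%s", line);               /* line_len chars + NUL */
        off += line_len;
    }
    past_end = (unsigned char)table[alloc] != 0xAA;     /* canary zeroed by the NUL? */
    free(line);
    free(table);
    return past_end;
}

int main(void) {
    size_t ts = table_size(192, 64);                    /* 12288: exactly 6 sectors */
    printf("tablesize= %zu ROUND_UP(tablesize + 1)= %zu ROUND_UP(tablesize)= %zu\n",
           ts, alloc_fixed(ts), alloc_buggy(ts));
    printf("NUL past end: original alloc %d, patched alloc %d\n",
           nul_past_end(192, 64, alloc_buggy(ts)), nul_past_end(192, 64, alloc_fixed(ts)));
    return 0;
}
```

A tablesize that is not a sector multiple (say 12000) rounds up to 12288 and hides the missing byte, which is why the crash only shows up on the one-in-2048 exact multiple.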