https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271383
Bug ID: 271383
Summary: negative jb_blk in a JOP_FREEBLK ffs journal record can cause fsck to crash
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
Created attachment 242135
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=242135&action=edit
broken ffs image with negative jb_blk that can cause fsck to crash
I've attached a gzipped ffs image with a negative block number
in a journal record which causes ffs_isblock() to index into its cp[]
argument with a negative index. You may need valgrind to see the problem. A
backtrace from fsck_ffs -y fsck24a.img:
(gdb) where
#0 ffs_isblock (fs=<optimized out>, cp=0x800a370d8 "", h=-240) at /usr/src/sys/ufs/ffs/ffs_subr.c:922
#1 0x0000000000227b10 in blk_isfree (bno=-9204789740589546200) at suj.c:523
#2 0x000000000022781c in blk_isindir (blk=-9204789740589546200, ino=3, lbn=-4611686018427387913) at suj.c:377
#3 0x00000000002273eb in indir_visit (ino=3, lbn=-4611686018427387913, blk=-9204789740589546200, frags=0x7fffffffe668, visitor=0x229180 <blk_free_visit>, flags=1) at suj.c:728
#4 0x000000000022bb6e in blk_free_lbn (blk=-9204789740589546200, ino=3, lbn=-4611686018427387913, frags=8, follow=1) at suj.c:917
#5 0x000000000022b9c9 in blk_check (sblk=0x800a93030) at suj.c:1541
#6 0x0000000000227195 in cg_check_blk (sc=0x800a888c0) at suj.c:1612
#7 0x0000000000226dc5 in cg_apply (apply=0x227150 <cg_check_blk>) at suj.c:1638
#8 0x0000000000225571 in suj_check (filesys=0x7fffffffed71 "junk") at suj.c:2461
#9 0x00000000002195c6 in checkfilesys (filesys=0x7fffffffed71 "junk") at main.c:356
#10 0x0000000000218f72 in main (argc=1, argv=0x7fffffffea20) at main.c:210
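Added example, not part of the original report and not FreeBSD source: a simplified C model of how a negative block number from a journal record turns into a negative free-map index, next to a range check applied before the lookup. The struct, the function names and the geometry values are assumptions made for illustration; only the block number is copied from the backtrace above.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the superblock fields involved (hypothetical names). */
struct fs_geom {
    int64_t size_frags;   /* total fragments in the file system */
    int32_t frags_per_cg; /* fragments per cylinder group */
    int32_t frag_shift;   /* log2(fragments per block) */
};

/* Constructed geometry; not taken from the attached image. */
static const struct fs_geom SAMPLE_GEOM = { 65536, 16384, 3 };

/* Block number shown in the backtrace. */
static const int64_t BAD_BNO = -9204789740589546200LL;

/* Cylinder-group-relative block index as an unchecked lookup would compute
 * it. C's % truncates toward zero, so a negative block number yields a
 * negative remainder and therefore a negative index into the map. */
static int64_t cg_block_index(const struct fs_geom *g, int64_t bno)
{
    return (bno % g->frags_per_cg) / (1 << g->frag_shift);
}

/* Accept a journal block record only if [bno, bno + frags) lies inside the
 * file system. Written so that no intermediate sum can overflow. */
static int jblk_in_range(const struct fs_geom *g, int64_t bno, int32_t frags)
{
    if (frags <= 0 || frags > (1 << g->frag_shift))
        return 0;
    if (bno < 0 || bno >= g->size_frags)
        return 0;
    return frags <= g->size_frags - bno;
}

/* Returns the map index, or -1 if the record must not be replayed. */
static int64_t checked_block_index(const struct fs_geom *g, int64_t bno, int32_t frags)
{
    return jblk_in_range(g, bno, frags) ? cg_block_index(g, bno) : -1;
}

int main(void)
{
    printf("unchecked: %lld\n", (long long)cg_block_index(&SAMPLE_GEOM, BAD_BNO));
    printf("checked:   %lld\n", (long long)checked_block_index(&SAMPLE_GEOM, BAD_BNO, 8));
    printf("valid:     %lld\n", (long long)checked_block_index(&SAMPLE_GEOM, 16392, 8));
    return 0;
}
```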