Bug#775646: SIGSEGV in ntfs_mft_record_alloc

[Jean-Pierre André]

The metadata showed the segfault was caused by a bad
initialization of unused file records associated with a
missing safety check in ntfs-3g.

The attached patch adds the safety check, thus avoiding
the segfault.

Users having the same issue should start a chkdsk on
Windows, then use ntfswipe with option --mft to clean the
unused file records.


check-usa-ofs.patch.gz
Description: application/gzip

Bug#775646: SIGSEGV in ntfs_mft_record_alloc

[Jean-Pierre André]

Thank you for posting detailed information about this issue.

As most of the data shown have invalid values, some record
is overflowing. See for instance the calls to ntfs_create()
and __ntfs_create(), whose arguments should not have different
values.

The error occurs in a sanity check while creating a new file :
before allocating a record, its current contents is read from
disk to make sure it is really available. However it apparently
contained invalid data (which is to be expected), which somehow
fooled the safety measures (which are probably too weak).

First, it would be useful to get a metadata image of your file
system, so that I can repeat the situation and improve the
safety test :
sudo ntfsclone -mst -O - /dev/sdb2 | gzip  metadata.gz
then upload metadata.gz to some public server and email its URL
to me in private. Just note that the metadata image contains no
user data, but the file names are visible, which my be a
problem. The compressed metadata size is about 5% the size of
the file system.

Second, you can probably clean the unused records and kill
the one which leads to the segfault by ntfswipe :
sudo ntfswipe -m /dev/sdb2
ntfswipe is supposed to not alter the useful parts of records,
however having a backup (or at least a copy of the metadata)
is highly recommended. You may even make a test on the metadata
before doing it for real.


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775646: SIGSEGV in ntfs_mft_record_alloc

[Gianluigi Tiesi]

Package: ntfs-3g
Version: 1:2014.2.15AR.3-1
Severity: important
Tags: upstream

I'm trying to rsync a directory from ext4 to ntfs but I get constantly crash
It happens also after windows chkdsk

here out/gdb info:

Reading symbols from ntfs-3g...Reading symbols from 
/usr/lib/debug/.build-id/7e/eead72bf06909ac8adab4bbea346fc8cc4dc22.debug.
...done.
done. 
(gdb) run -o no_detach /dev/sdb2 /mnt/ntfs/
Starting program: /bin/ntfs-3g -o no_detach /dev/sdb2 /mnt/ntfs/
[Thread debugging using libthread_db enabled]
Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1.
Version 2014.2.15AR.3 integrated FUSE 28
Mounted /dev/sdb2 (Read-Write, label BoySlim, NTFS 3.1)
Cmdline options: no_detach
Mount options: 
allow_other,nonempty,relatime,fsname=/dev/sdb2,blkdev,blksize=4096
Ownership and permissions disabled, configuration type 7
ntfs_mst_post_read_fixup_warn: magic: 0xe1ba5cb3  size: 1024   usa_ofs: 34725  
usa_count: 45939: Invalid argument
ntfs_mst_post_read_fixup_warn: magic: 0x65eb6da0  size: 1024   usa_ofs: 25253  
usa_count: 14028: Invalid argument
ntfs_mst_post_read_fixup_warn: magic: 0xd4758cc9  size: 1024   usa_ofs: 39555  
usa_count: 19090: Invalid argument
ntfs_mst_post_read_fixup_warn: magic: 0x7f93ea5a  size: 1024   usa_ofs: 13271  
usa_count: 31837: Invalid argument
ntfs_mst_post_read_fixup_warn: magic: 0x867ec319  size: 1024   usa_ofs: 58829  
usa_count: 33503: Invalid argument

Program received signal SIGSEGV, Segmentation fault.
ntfs_mft_record_alloc (vol=0x7f0e7c44f3c0, base_ni=0x3ec, base_ni@entry=0x0) at 
mft.c:1757
1757mft.c: No such file or directory.

gdb) bt
#0  ntfs_mft_record_alloc (vol=0x7f0e7c44f3c0, base_ni=0x3ec, 
base_ni@entry=0x0) at mft.c:1757
#1  0x7f0e7ba9e338 in __ntfs_create (dir_ni=0x7f0e7c4b32b0, securid=0, 
name=0x7f0e7c4b34c0, name_len=83 'S',
type=32768, dev=0, target=0x0, target_len=0) at dir.c:1508
#2  0x7f0e7baa0742 in ntfs_create (dir_ni=0x7f0e7c44f3c0, securid=1004, 
name=0x7f0e7c4b87f0, name_len=71 'G',
type=2081425152) at dir.c:1763
#3  0x7f0e7c119c69 in ntfs_fuse_create (org_path=optimized out, 
typemode=33152, dev=optimized out, target=0x0,
fi=0x7fffaa4ccfc0) at ntfs-3g.c:1743
#4  0x7f0e7c11a275 in ntfs_fuse_mknod_common (org_path=optimized out, 
mode=33152, dev=0, fi=0x7fffaa4ccfc0)
at ntfs-3g.c:1880
#5  0x7f0e7c121647 in fuse_lib_create (req=0x7f0e7c4b3140, parent=249,
name=0x7f0e7bf33048 
Doctor.Who.2005.1x12.Padroni.Dell.Universo.-.1^.Parte.iTaEnG.DVDMux-DarkSideMux.srt,
 mode=33152,
fi=0x7fffaa4ccfc0) at fuse.c:1792
#6  0x7f0e7c1250ad in do_create (req=optimized out, nodeid=optimized 
out, inarg=optimized out)
at fuse_lowlevel.c:644
#7  0x7f0e7c12425a in fuse_session_loop (se=0x7f0e7c4589d0) at 
fuse_loop.c:34
#8  0x7f0e7c11724c in main (argc=0, argv=0x7f0e7b7fc090) at ntfs-3g.c:3987

(gdb) p *(le16*)((u8*)m + m-usa_ofs)
Cannot access memory at address 0x7f0e7c4c6dbd

(gdb) p m
$6 = (MFT_RECORD *) 0x7f0e7c4b87f0
(gdb) p *m
$7 = {magic = 2256454425, usa_ofs = 58829, usa_count = 33504, lsn = 
5559363449530884608, sequence_number = 11938,
  link_count = 8277, attrs_offset = 41994, flags = 52348, bytes_in_use = 
3528076468, bytes_allocated = 3503433910,
  base_mft_record = 13344062644253006997, next_attr_instance = 54086, reserved 
= 56111, mft_record_number = 1200265100}

source:
usn = *(le16*)((u8*)m + le16_to_cpu(m-usa_ofs));

There are additional info I can provide?

Regards

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-0.bpo.4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages ntfs-3g depends on:
ii  fuse   2.9.3-15+b1
ii  libc6  2.19-13
ii  libgcrypt201.6.2-4+b1
ii  libgnutls-deb0-28  3.3.8-5
ii  libgpg-error0  1.17-3
ii  multiarch-support  2.19-13

ntfs-3g recommends no packages.

ntfs-3g suggests no packages.

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org