Package: libaal-dev
Version: 1.0.5-5
Severity: critical
Justification: causes serious data loss


In bitops.c, several functions get offsets and sizes with type bit_t, which is
64 bit, but local variables which hold the result of calculations on those
bit_t variables are of type int, which of course causes incorrect results for
filesystems with block bitmaps that are larger than 2 GiB. I'm marking this
critical as this causes fsck.reiserfs to work incorrectly on such filesystems,
potentially breaking it beyond repair.

I have attached a patch, but please have a good look at it to see if I did not
miss anything.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libaal-dev depends on:
ii  libc6-dev [libc-dev]          2.13-8     Embedded GNU C Library: Developmen

libaal-dev recommends no packages.

libaal-dev suggests no packages.

-- no debconf information
--- libaal-1.0.5.orig/src/bitops.c
+++ libaal-1.0.5/src/bitops.c
@@ -80,7 +80,7 @@
 				    bit_t size,
 				    bit_t offset) 
 {
-	int bit = offset & 7, res;
+	bit_t bit = offset & 7, res;
 	unsigned char *addr = map;
 	unsigned char *p = addr + (offset >> 3);
   
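Review bot: the widening of "bit" is harmless but unnecessary, since "offset & 7" is always 0..7; the variable that matters is "res", and whether turning it into bit_t helps depends on the function's return type, which this hunk does not show. If the function still returns int, "res" is narrowed again at the return and the hunk has no effect for offsets beyond INT_MAX; the return type needs to become bit_t in the same patch (and the same applies to the function in the next hunk, which is declared "static inline int").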
@@ -100,7 +100,7 @@
 
 /* Finds zero bit in @byte starting from @offset */
 static inline int aal_find_nzb(unsigned char byte, bit_t offset) {
-        int i = offset;
+        bit_t i = offset;
         unsigned char mask = 1 << offset;
 
         while ((byte & mask) != 0) {
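Review bot: this change is a no-op in practice and can be dropped to keep the patch focused. aal_find_nzb works on a single byte and the mask is "1 << offset", so offset (and therefore i) is 0..7 and int was already wide enough; the function also still returns int, so the wider local is narrowed again on return. If anything is worth adding here, it is an assertion or early return for offset > 7, since "1 << offset" with a larger value is undefined.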
@@ -119,9 +119,9 @@
 				   bit_t offset)
 {
         unsigned char *addr = map;
-        unsigned int byte_nr = offset >> 3;
-        unsigned int bit_nr = offset & 0x7;
-        unsigned int max_byte_nr = (size - 1) >> 3;
+        bit_t byte_nr = offset >> 3;
+        bit_t bit_nr = offset & 0x7;
+        bit_t max_byte_nr = (size - 1) >> 3;
 
         if (bit_nr != 0) {
 		unsigned int b = ~(unsigned int)addr[byte_nr];
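Review bot: these three widenings are the ones that actually address the reported failure, but note that the old type here was unsigned int, not int, so byte_nr and max_byte_nr only wrapped once the bitmap exceeded 4 GiB, not 2 GiB; the 2 GiB limit in the report comes from the int locals in the other hunks. Two things to check that the hunk does not show: the function's return type, which must be bit_t for the found position to survive the return, and the size == 0 case, where "(size - 1) >> 3" wraps to an enormous max_byte_nr (an early return before that line would be the simplest guard, and becomes more important now that the bound is 64-bit).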
@@ -152,8 +152,8 @@
 			   bit_t start, 
 			   bit_t count)
 {
-	int end_byte;
-	int start_byte;
+	bit_t end_byte;
+	bit_t start_byte;
 	char *addr = map;
 	bit_t left, right;
 	
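Review bot: end_byte and start_byte are right to widen, but the same declarations keep "char *addr = map" while the earlier functions in the file use "unsigned char *addr = map"; on targets where char is signed, shifting or comparing addr[i] yields sign-extended values, so changing it to unsigned char * here would make the file consistent at no cost. Also check, in the body the hunk does not show, that a byte length derived from end_byte - start_byte is not stored in an int on its way to memset or a loop counter, which would reintroduce the truncation for bitmaps beyond 2 GiB.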
@@ -185,8 +185,8 @@
 			 bit_t start, 
 			 bit_t count)
 {
-	int end_byte;
-	int start_byte;
+	bit_t end_byte;
+	bit_t start_byte;
 	char *addr = map;
 	bit_t left, right;
 
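Review bot: same change as in the preceding function, and the same two caveats hold: "char *addr = map" should match the unsigned char * used earlier in the file, and the body (not shown) must not funnel end_byte - start_byte through an int. Since the two functions are near-identical, a regression test that calls each with start = (bit_t)1 << 34 (the first offset whose byte index no longer fits an int) would exercise exactly the overflow this patch is meant to fix.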

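To make the failure concrete, the following is an added example of mine, not libaal's code and not part of the bug report. It assumes bit_t is an unsigned 64-bit count of bits (the report only says "64 bit"), and the function names byte_index_int, byte_index_wide, first_zero_in_byte and find_zero_bit are illustrative, not libaal's API. It shows the byte index that an int local actually holds for an offset 2 GiB into a bitmap, beside a zero-bit scan that keeps every index in bit_t.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: libaal's bit_t is a 64-bit unsigned bit count (the report only
   says "64 bit"). Everything below is an illustration, not libaal's own code. */
typedef uint64_t bit_t;

/* Byte index of a bit offset, stored in an int as the pre-patch locals were.
   Returned as long long so the caller sees what the int actually held. */
long long byte_index_int(bit_t offset)
{
    int byte_nr = offset >> 3;  /* does not fit once offset >= 2^34, i.e. 2 GiB of bitmap */
    return byte_nr;
}

/* Same computation kept in bit_t, as the patch does. */
bit_t byte_index_wide(bit_t offset)
{
    bit_t byte_nr = offset >> 3;
    return byte_nr;
}

/* First zero bit in @byte at or above bit position @from (0..7), or -1. */
static int first_zero_in_byte(unsigned char byte, int from)
{
    for (int i = from; i < 8; i++)
        if (!(byte & (1u << i)))
            return i;
    return -1;
}

/* Finds the first zero bit in @map (a bitmap of @size bits) at or after
   @offset; returns @size if there is none. Byte indices stay in bit_t, so a
   bitmap beyond 2 GiB is handled exactly like a small one. */
bit_t find_zero_bit(const unsigned char *map, bit_t size, bit_t offset)
{
    if (size == 0 || offset >= size)
        return size;                  /* also guards the (size - 1) >> 3 below */

    bit_t byte_nr = offset >> 3;
    bit_t max_byte_nr = (size - 1) >> 3;
    int bit_nr = (int)(offset & 7);   /* 0..7, so int is fine for this one */

    for (; byte_nr <= max_byte_nr; byte_nr++, bit_nr = 0) {
        int i = first_zero_in_byte(map[byte_nr], bit_nr);
        if (i >= 0) {
            bit_t pos = (byte_nr << 3) + (bit_t)i;
            return pos < size ? pos : size;   /* zero bits past @size do not count */
        }
    }
    return size;
}

int main(void)
{
    /* Constructed 24-bit bitmap: bits 0..19 set, bits 20..23 clear. */
    const unsigned char map[3] = { 0xff, 0xff, 0x0f };
    bit_t big = (bit_t)1 << 34;   /* bit offset whose byte index is 2^31, i.e. 2 GiB in */

    printf("first zero bit from 0: %llu\n",
           (unsigned long long)find_zero_bit(map, 24, 0));
    printf("byte index of bit 2^34: as int %lld, as bit_t %llu\n",
           byte_index_int(big), (unsigned long long)byte_index_wide(big));
    return 0;
}
```

The int result for bit 2^34 is whatever the platform's out-of-range conversion produces (on the usual two's-complement targets, a negative number), which is then used as an array index; the bit_t result is the correct 2147483648.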