** Description changed:

- After copying data from a `hfsplus`to a `fat32`/`vfat` partition on an
- USB stick with `cp` of busybox 1.20.2 in a Lubuntu 13.04 live session on
- an `iMac G4 PowerMac 6,1`, gparted crashes with
+ [Impact]
  
-   * `*** Error in `/usr/sbin/gpartedbin': malloc(): corrupted unsorted chunks 
2: 0x0000000000b93e10 ***` if I request the `vfat` partition to be made smaller 
and an ext4 partition to be created on the freed space
-   * `Attempt to write sectors 4026-4089 outside of partition on .
- *** Error in `/usr/sbin/gpartedbin': corrupted double-linked list: 
0x0000000002303740 ***` if I request the `vfat` partition to be made smaller 
only
+ Parted, and tools that depend on it like gparted, crash or have other
+ errant behavior due to memory corruption.
  
- The USB stick is a SanDisk Extreme USB 3.0 with 64 GB capacity. Two
- primary fat32 partitions (formatted with gparted) are present on a
- `msdos` partition table.
+ [Test Case]
  
- Experienced with 0.18.0 on Ubuntu 14.04.
+ Create a fat16 partition and use gparted to resize it.
+ 
+ [Regression Potential]
+ Minimal: patch just fixes the code to check for a null pointer and avoid 
dereferencing it.
+ 
+ [Other Info]
+ 
+ Mike Fleetwood discovered a memory corruption error in parted while
+ investigating a crash report against upstream gparted.  The fix has been
+ applied to the upstream parted git repo and needs cherry picked to our
+ parted release in 14.04.
+ 
+ Patch notes:
+ 
+     lib-fs-resize: Prevent crash resizing FAT16 file systems
+ 
+     Resizing FAT16 file system crashes in libparted/fs/r/fat/resize.c
+     create_resize_context() because it was dereferencing NULL pointer
+     fs_info->info_sector to copy the info_sector.
+ 
+     Only FAT32 file systems have info_sector populated by fat_open() ->
+     fat_info_sector_read().  FAT12 and FAT16 file systems don't have an
+     info_sector so pointer fs_info->info_sector remains assigned NULL from
+     fat_alloc().  When resizing a FAT file system create_resize_context()
+     was always dereferencing fs_info->info_sector to memory copy the
+     info_sector, hence it crashed for FAT12 and FAT16.
+ 
+     Make create_resize_context() only copy the info_sector for FAT32 file
+     systems.
+ 
+     Reported by Christian Hesse in
+     https://bugzilla.gnome.org/show_bug.cgi?id=735669
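
Review bot: The added [Test Case] ("Create a fat16 partition and use gparted to resize it.") states no expected result, so a verifier cannot tell a pass from a fail; say what is observed before the fix and what is expected after it. The removed lines were the only place the concrete symptoms appeared (the `malloc(): corrupted unsorted chunks` and `corrupted double-linked list` aborts in gpartedbin), and quoting one of them under [Impact] would keep the report findable by its error text. The patch notes say the NULL `fs_info->info_sector` dereference hits FAT12 as well as FAT16, so the test case could name both. [Regression Potential] describes the fix as a null-pointer check while the patch notes describe copying the info_sector only for FAT32; the two should use the same wording for what the cherry-picked change does.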

https://bugs.launchpad.net/bugs/1342255

Title:
  SRU: fix parted memory corruption crash
