fsck crashes checking external FAT drive

Bug #113919 reported by Kien Tran
10
Affects Status Importance Assigned to Milestone
dosfstools (Ubuntu)
Fix Released
Medium
Unassigned
Hardy
Won't Fix
Undecided
Onno Benschop

Bug Description

 Core was generated by `fsck.vfat -y /dev/sda1'.
 Program terminated with signal 11, Segmentation fault.

Core file available.

==
1. This bug results in dosfsck crashing on a severely corrupted file system, leaving that file system unusable.

2. The bug was fixed in Debian sid and subsequently synchronized to Intrepid.

3. The patch as suggested in sid contains other changes and a smaller patch will be attached.

4. -- tba -- reproduce bug

5. -- tba -- regression

Revision history for this message
Brian Murray (brian-murray) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. With which version of Ubuntu did you notice this issue? Thanks in advance.

Revision history for this message
Brian Murray (brian-murray) wrote :

We are closing this bug report as it lacks the information, described in the previous comments, we need to investigate the problem further. However, please reopen it if you can give us the missing information and feel free to submit bug reports in the future.

Revision history for this message
Kien Tran (kienvtran) wrote :

Hi Brian, it's Ubuntu 6.10. I am attaching the crash report. Sent you this info via email 2007/05/11, maybe it went into your spam box.

Revision history for this message
Kien Tran (kienvtran) wrote :

Info provided

Revision history for this message
Karl Tomlinson (bugs+launchpad) wrote :

I don't know how to interpret _sbin_fsck.vfat.1000.crash.gz, so I can't confirm that the crashes that I saw are the same, but this patch resolves the few crashes that I saw with upstream dosfstools-2.11 due to zero slot numbers causing a negative offset in the call to copy_lfn_part in lfn_add_slot. On amd64 this results in a SIGSEGV in copy_lfn_part. On x86 the result is heap corruption and thus sometimes a SIGSEGV or double free abort later.

Revision history for this message
Ricardo L. Febrero (rlfebrero) wrote :

Hey, folks, this bug has reappeared in Ubuntu Hardy, AMD64. I have tried with both mainstream app and Ubuntu Hardy version, both last stable version (2.11 mainstream & 2.11-2.3ubuntu1 Ubuntu):

Running the following command:
# fsck.vfat -a /dev/sdd1

ddd gives the following:

=== THIS IS MAINSTREAM APPLICATION

Address dst=0x10067f4b6 out of bounds at
lfn.c, line 111:

lfn.c:
...
110 ...
111 memcpy( dst, lfn->name0_4, 10 );
112 ...
...

lfn=0x7fffeef104b0

========== THIS IS UBUNTU HARDY APP

Reserved field in VFAT long filename slot is not 0 (but 0x88).
Auto-setting to 0.
Start cluster field in VFAT long filename slot is not 0 (but 0x3db0).
Auto-setting to 0.
Unfinished long file name ":8Yc:9Ja:3Cj:7xB:C4a:50N:B2-:DmH:CbQ:4Qs:CfH:D9h:0dy".
  (Start may have been overwritten by b�\032-\216��\011.s\021F)
  Not auto-correcting this.
W
Program received signal SIGSEGV, Segmentation fault.
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
0x0000000000406de4 in copy_lfn_part (dst=0x10067c746 <Address 0x10067c746 out of bounds>, lfn=0x7fff983dba20) at lfn.c:111
111 lfn.c: No such file or directory.
 in lfn.c

==========

Any ideas??

Revision history for this message
Ricardo L. Febrero (rlfebrero) wrote :

This also applies to upstream, so I have sent a message upstream to Roman Hodek.

Revision history for this message
Onno Benschop (onno-itmaze) wrote :

What kind of file-system are you using, that is, which codepage?

Revision history for this message
Ricardo L. Febrero (rlfebrero) wrote : Re: [Bug 113919] Re: fsck crashes checking external FAT drive

Codepage 850 (European) for vfat, iso8859-15 and utf-8 on Linux.

2008/9/8 Onno Benschop <email address hidden>:
> What kind of file-system are you using, that is, which codepage?
>
> --
> fsck crashes checking external FAT drive
> https://bugs.launchpad.net/bugs/113919
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
Néstor
+34 687 96 74 81
<email address hidden>

Revision history for this message
Karl Tomlinson (bugs+launchpad) wrote :

The patch in comment 5 has been applied in Debian. You may like to try the latest Debian package.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=152550
http://packages.debian.org/sid/dosfstools

Revision history for this message
Ricardo L. Febrero (rlfebrero) wrote :

Ok!! It works fine now, it only complains that it has many errors, but
no SEGFAULT. Should it be possible to apply the patch to the stable
version???

2008/9/8 Karl Tomlinson <email address hidden>:
> The patch in comment 5 has been applied in Debian. You may like to try the latest Debian package.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=152550
> http://packages.debian.org/sid/dosfstools
>
> --
> fsck crashes checking external FAT drive
> https://bugs.launchpad.net/bugs/113919
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
Néstor
+34 687 96 74 81
<email address hidden>

Revision history for this message
Onno Benschop (onno-itmaze) wrote :

Well, we cannot just "patch" a stable version, because it has already been released. The patch suggested by Karl (in fact, contributed by Karl) has already been included in the Intrepid release.

I think this may be a candidate for an SRU and I'm looking into that.

Revision history for this message
Steve Langasek (vorlon) wrote :

reported fixed in intrepid.

Changed in dosfstools:
status: Confirmed → Fix Released
description: updated
Revision history for this message
Onno Benschop (onno-itmaze) wrote :

I'm reviewing the suggested patch for proposal as an SRU.

Changed in dosfstools:
assignee: nobody → onno-itmaze
Revision history for this message
Rolf Leggewie (r0lf) wrote :

Hardy has seen the end of its life and is no longer receiving any updates. Marking the Hardy task for this ticket as "Won't Fix".

Changed in dosfstools (Ubuntu Hardy):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.