fsck crashes checking external FAT drive

Thanks for taking the time to report this bug and helping to make Ubuntu better. With which version of Ubuntu did you notice this issue? Thanks in advance.

We are closing this bug report as it lacks the information, described in the previous comments, we need to investigate the problem further. However, please reopen it if you can give us the missing information and feel free to submit bug reports in the future.

Hi Brian, it's Ubuntu 6.10. I am attaching the crash report. Sent you this info via email 2007/05/11, maybe it went into your spam box.

Info provided

I don't know how to interpret _sbin_fsck.vfat.1000.crash.gz, so I can't confirm that the crashes that I saw are the same, but this patch resolves the few crashes that I saw with upstream dosfstools-2.11 due to zero slot numbers causing a negative offset in the call to copy_lfn_part in lfn_add_slot. On amd64 this results in a SIGSEGV in copy_lfn_part. On x86 the result is heap corruption and thus sometimes a SIGSEGV or double free abort later.

Hey, folks, this bug has reappeared in Ubuntu Hardy, AMD64. I have tried with both mainstream app and Ubuntu Hardy version, both last stable version (2.11 mainstream & 2.11-2.3ubuntu1 Ubuntu):

Running the following command:
# fsck.vfat -a /dev/sdd1

ddd gives the following:

=== THIS IS MAINSTREAM APPLICATION

Address dst=0x10067f4b6 out of bounds at
lfn.c, line 111:

lfn.c:
...
110 ...
111 memcpy( dst, lfn->name0_4, 10 );
112 ...
...

lfn=0x7fffeef104b0

========== THIS IS UBUNTU HARDY APP

Reserved field in VFAT long filename slot is not 0 (but 0x88).
Auto-setting to 0.
Start cluster field in VFAT long filename slot is not 0 (but 0x3db0).
Auto-setting to 0.
Unfinished long file name ":8Yc:9Ja:3Cj:7xB:C4a:50N:B2-:DmH:CbQ:4Qs:CfH:D9h:0dy".
  (Start may have been overwritten by b�\032-\216��\011.s\021F)
  Not auto-correcting this.
W
Program received signal SIGSEGV, Segmentation fault.
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
0x0000000000406de4 in copy_lfn_part (dst=0x10067c746 <Address 0x10067c746 out of bounds>, lfn=0x7fff983dba20) at lfn.c:111
111 lfn.c: No such file or directory.
 in lfn.c

==========

Any ideas??

This also applies to upstream, so I have sent a message upstream to Roman Hodek.

What kind of file-system are you using, that is, which codepage?

Codepage 850 (European) for vfat, iso8859-15 and utf-8 on Linux.

2008/9/8 Onno Benschop <email address hidden>:
> What kind of file-system are you using, that is, which codepage?
>
> --
> fsck crashes checking external FAT drive
> https://bugs.launchpad.net/bugs/113919
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
Néstor
+34 687 96 74 81
<email address hidden>

The patch in comment 5 has been applied in Debian. You may like to try the latest Debian package.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=152550
http://packages.debian.org/sid/dosfstools

Ok!! It works fine now, it only complains that it has many errors, but
no SEGFAULT. Should it be possible to apply the patch to the stable
version???

2008/9/8 Karl Tomlinson <email address hidden>:
> The patch in comment 5 has been applied in Debian. You may like to try the latest Debian package.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=152550
> http://packages.debian.org/sid/dosfstools
>
> --
> fsck crashes checking external FAT drive
> https://bugs.launchpad.net/bugs/113919
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
Néstor
+34 687 96 74 81
<email address hidden>

Well, we cannot just "patch" a stable version, because it has already been released. The patch suggested by Karl (in fact, contributed by Karl) has already been included in the Intrepid release.

I think this may be a candidate for an SRU and I'm looking into that.

reported fixed in intrepid.

I'm reviewing the suggested patch for proposal as an SRU.

Hardy has seen the end of its life and is no longer receiving any updates. Marking the Hardy task for this ticket as "Won't Fix".