SRU: fix parted memory corruption crash

Bug #1342255 reported by Karl-Philipp Richter on 2014-07-15
This bug affects 5 people
Affects Status Importance Assigned to Milestone
parted (Ubuntu)
Phillip Susi

Bug Description


Parted, and tools that depend on it like gparted, crash or have other errant behavior due to memory corruption.

[Test Case]

Create a fat16 partition and use gparted to resize it.

[Regression Potential]
Minimal: patch just fixes the code to check for a null pointer and avoid dereferencing it.

[Other Info]

Mike Fleetwood discovered a memory corruption error in parted while investigating a crash report against upstream gparted. The fix has been applied to the upstream parted git repo and needs cherry picked to our parted release in 14.04.

Patch notes:

    lib-fs-resize: Prevent crash resizing FAT16 file systems

    Resizing FAT16 file system crashes in libparted/fs/r/fat/resize.c
    create_resize_context() because it was dereferencing NULL pointer
    fs_info->info_sector to copy the info_sector.

    Only FAT32 file systems have info_sector populated by fat_open() ->
    fat_info_sector_read(). FAT12 and FAT16 file systems don't have an
    info_sector so pointer fs_info->info_sector remains assigned NULL from
    fat_alloc(). When resizing a FAT file system create_resize_context()
    was always dereferencing fs_info->info_sector to memory copy the
    info_sector, hence it crashed for FAT12 and FAT16.

    Make create_resize_context() only copy the info_sector for FAT32 file

    Reported by Christian Hesse in

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gparted (Ubuntu):
status: New → Confirmed
Curtis Gedak (gedakc) wrote :

GParted 0.18.0 contains some bugs known to cause crashes.

Bug 729139 - Refactor OperationDetail to address random crash behavior

Bug 731752 - Write after free cross thread race in PipeCapture::_OnReadable() causes crash

Can you retry using GParted 0.20.0?

The easiest way might be to boot from media containing GParted Live (version 0.20.0-2 is soon to migrate from the testing folder to the production folder).

Phillip Susi (psusi) wrote :

Curtis, the second bug was actually introduced in 0.19 by commit "Prevent GSource double-destroy warning messages (#729800)", so it is not present in 0.18.0. I had forgotten about the first one though. I prepared a merge request the last days to apply the second fix to ubuntu 14.10, so now I suppose I'll get the first fix backported to 14.04.

Curtis Gedak (gedakc) wrote :

Thank you Phillip for following up on these problems and back-porting the appropriate patches. :-)

If I understand your post correctly, the "second" bug was introduced in 0.19. Was this "second" bug fixed in 0.19.1 by "Prevent cross thread write after free in _OnReadable() (#731752)" ?

I guess what I'm trying to determine is whether there is a known crash bug in the latest release of GParted that we need to address.

Phillip Susi (psusi) wrote :

Right... the cross thread write was introduced by "Prevent GSource double-destroy...". The fix for that is now in my ppa and I will have it merged into utopic soon. The fix for the other bug I think applies to both trusty and utopic so I will need to apply that as well.

Phillip Susi (psusi) on 2014-11-10
affects: gparted (Ubuntu) → parted (Ubuntu)
Changed in parted (Ubuntu):
assignee: nobody → Phillip Susi (psusi)
status: Confirmed → In Progress
summary: - `malloc(): corrupted unsorted chunks 2` after copying data from hfsplus
- partition with cp
+ SRU: fix parted memory corruption crash
Phillip Susi (psusi) on 2014-11-10
description: updated
Amr Ibrahim (amribrahim1987) wrote :

Any news about the SRU to Trusty?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package parted - 3.2-7

parted (3.2-7) unstable; urgency=medium

  [ Phillip Susi ]
  * Cherry pick upstream patch to fix a crash when resizing fat16
    (LP: #1342255).

  [ Colin Watson ]
  * Drop libparted2's alternative Suggests on nparted, which has not been in
    Debian for a decade or so.

 -- Colin Watson <email address hidden> Thu, 19 Mar 2015 10:58:55 +0000

Changed in parted (Ubuntu):
status: In Progress → Fix Released
tags: added: trusty
Amr Ibrahim (amribrahim1987) wrote :

Any updates on this for trusty?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in parted (Ubuntu Trusty):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.