SRU: fix parted memory corruption crash

Bug #1342255 reported by Karl-Philipp Richter
This bug affects 5 people
Affects: parted (Ubuntu)
status: Fix Released
importance: Undecided
assignee: Phillip Susi

Affects: Trusty
status: Confirmed
importance: Undecided
assignee: Unassigned

Bug Description

[Impact]

Parted, and tools that depend on it like gparted, crash or have other errant behavior due to memory corruption.

[Test Case]

Create a fat16 partition and use gparted to resize it.

[Regression Potential]
Minimal: patch just fixes the code to check for a null pointer and avoid dereferencing it.

[Other Info]

Mike Fleetwood discovered a memory corruption error in parted while investigating a crash report against upstream gparted. The fix has been applied to the upstream parted git repo and needs to be cherry-picked to our parted release in 14.04.

Patch notes:

    lib-fs-resize: Prevent crash resizing FAT16 file systems

    Resizing FAT16 file system crashes in libparted/fs/r/fat/resize.c
    create_resize_context() because it was dereferencing NULL pointer
    fs_info->info_sector to copy the info_sector.

    Only FAT32 file systems have info_sector populated by fat_open() ->
    fat_info_sector_read(). FAT12 and FAT16 file systems don't have an
    info_sector so pointer fs_info->info_sector remains assigned NULL from
    fat_alloc(). When resizing a FAT file system create_resize_context()
    was always dereferencing fs_info->info_sector to memory copy the
    info_sector, hence it crashed for FAT12 and FAT16.

    Make create_resize_context() only copy the info_sector for FAT32 file
    systems.

    Reported by Christian Hesse in
    https://bugzilla.gnome.org/show_bug.cgi?id=735669

Tags: trusty
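
The conditional copy described in the patch notes above, as an added C example that is not part of the bug report or of parted's source. The types and the `model_*` functions are simplified, hypothetical stand-ins for libparted's FAT structures, and the sample bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified, hypothetical stand-ins for libparted's FAT structures. */
typedef enum { FAT12, FAT16, FAT32 } FatType;
typedef struct { unsigned char raw[512]; } InfoSector;
typedef struct {
    FatType     fat_type;
    InfoSector *info_sector;   /* stays NULL unless the file system is FAT32 */
} FsInfo;

static void model_close(FsInfo *fs) { if (fs) { free(fs->info_sector); free(fs); } }

/* Models the open path in the patch notes: only FAT32 gets an info sector. */
static FsInfo *model_open(FatType type) {
    FsInfo *fs = calloc(1, sizeof *fs);            /* info_sector == NULL */
    if (!fs) return NULL;
    fs->fat_type = type;
    if (type == FAT32) {
        fs->info_sector = calloc(1, sizeof *fs->info_sector);
        if (!fs->info_sector) { model_close(fs); return NULL; }
        memcpy(fs->info_sector->raw, "RRaA", 4);   /* constructed sample bytes */
    }
    return fs;
}

/* Fixed behaviour: copy the info sector only for FAT32. The pre-fix code
 * ran the memcpy for every FAT type, reading through a NULL pointer. */
static FsInfo *model_create_resize_context(const FsInfo *old) {
    FsInfo *ctx = calloc(1, sizeof *ctx);
    if (!ctx) return NULL;
    ctx->fat_type = old->fat_type;
    if (old->fat_type == FAT32 && old->info_sector) {
        ctx->info_sector = malloc(sizeof *ctx->info_sector);
        if (!ctx->info_sector) { model_close(ctx); return NULL; }
        memcpy(ctx->info_sector, old->info_sector, sizeof *ctx->info_sector);
    }
    return ctx;
}

/* 1 if the resize context holds an info sector copy, 0 if not, -1 on error. */
int resize_copies_info_sector(FatType type) {
    FsInfo *fs = model_open(type);
    FsInfo *ctx = fs ? model_create_resize_context(fs) : NULL;
    int r = ctx ? (ctx->info_sector != NULL) : -1;
    if (r == 1 && memcmp(ctx->info_sector, fs->info_sector, sizeof(InfoSector)) != 0) r = -1;
    model_close(ctx); model_close(fs);
    return r;
}
int main(void) { return !(resize_copies_info_sector(FAT16) == 0 && resize_copies_info_sector(FAT32) == 1); }
```
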
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gparted (Ubuntu):
status: New → Confirmed
Curtis Gedak (gedakc) wrote :

GParted 0.18.0 contains some bugs known to cause crashes.

See:
Bug 729139 - Refactor OperationDetail to address random crash behavior
https://bugzilla.gnome.org/show_bug.cgi?id=729139

Bug 731752 - Write after free cross thread race in PipeCapture::_OnReadable() causes crash
https://bugzilla.gnome.org/show_bug.cgi?id=731752

Can you retry using GParted 0.20.0?

The easiest way might be to boot from media containing GParted Live (version 0.20.0-2 is soon to migrate from the testing folder to the production folder).
http://gparted.org/livecd.php

Phillip Susi (psusi) wrote :

Curtis, the second bug was actually introduced in 0.19 by commit "Prevent GSource double-destroy warning messages (#729800)", so it is not present in 0.18.0. I had forgotten about the first one though. I prepared a merge request over the last days to apply the second fix to Ubuntu 14.10, so now I suppose I'll get the first fix backported to 14.04.

Curtis Gedak (gedakc) wrote :

Thank you Phillip for following up on these problems and back-porting the appropriate patches. :-)

If I understand your post correctly, the "second" bug was introduced in 0.19. Was this "second" bug fixed in 0.19.1 by "Prevent cross thread write after free in _OnReadable() (#731752)" ?

I guess what I'm trying to determine is whether there is a known crash bug in the latest release of GParted that we need to address.

Phillip Susi (psusi) wrote :

Right... the cross thread write was introduced by "Prevent GSource double-destroy...". The fix for that is now in my PPA and I will have it merged into utopic soon. The fix for the other bug I think applies to both trusty and utopic so I will need to apply that as well.

Phillip Susi (psusi)
affects: gparted (Ubuntu) → parted (Ubuntu)
Changed in parted (Ubuntu):
assignee: nobody → Phillip Susi (psusi)
status: Confirmed → In Progress
summary: - `malloc(): corrupted unsorted chunks 2` after copying data from hfsplus
- partition with cp
+ SRU: fix parted memory corruption crash
Phillip Susi (psusi)
description: updated
Amr Ibrahim (amribrahim1987) wrote :

Any news about the SRU to Trusty?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package parted - 3.2-7

---------------
parted (3.2-7) unstable; urgency=medium

  [ Phillip Susi ]
  * Cherry pick upstream patch to fix a crash when resizing fat16
    (LP: #1342255).

  [ Colin Watson ]
  * Drop libparted2's alternative Suggests on nparted, which has not been in
    Debian for a decade or so.

 -- Colin Watson <email address hidden> Thu, 19 Mar 2015 10:58:55 +0000

Changed in parted (Ubuntu):
status: In Progress → Fix Released
tags: added: trusty
Amr Ibrahim (amribrahim1987) wrote :

Any updates on this for trusty?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in parted (Ubuntu Trusty):
status: New → Confirmed