fsck.vfat invalid memory access in get_fat

[hannob]

This file will generate some invalid memory read in fsck.vfat:
https://crashes.fuzzing-project.org/dosfstools-get_fat-invalid-read

Judging from the output of address sanitizer and valgrind it is a bit unusual, it seems to be neither memory on the stack or heap, but it also doesn't crash the app if run without asan or valgrind. Happens both with the latest release and latest git code.

Found with american fuzzy lop.

This is the address sanitizer stack trace:

==17848==ERROR: AddressSanitizer: SEGV on unknown address 0x6020000105d8 (pc 0x0000004f1ace bp 0x7ffcae3ad230 sp 0x7ffcae3ad080 T0)
    #0 0x4f1acd in get_fat /f/dosfstools-3.0.26/src/fat.c:53:26
    #1 0x4ea4e6 in check_file /f/dosfstools-3.0.26/src/check.c:569:2
    #2 0x4ea4e6 in check_files /f/dosfstools-3.0.26/src/check.c:683
    #3 0x4ede42 in scan_dir /f/dosfstools-3.0.26/src/check.c:1029:9
    #4 0x4ede42 in subdirs /f/dosfstools-3.0.26/src/check.c:1053
    #5 0x4e4f90 in scan_root /f/dosfstools-3.0.26/src/check.c:1085:12
    #6 0x4ddaf4 in main /f/dosfstools-3.0.26/src/fsck.fat.c:188:27
    #7 0x7efe5b4eef9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
    #8 0x437106 in _start (/mnt/ram/dosfstools/fsck.fat+0x437106)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /f/dosfstools-3.0.26/src/fat.c:53 get_fat

[andreasbombe]

Thank you very much, that was a nasty one: FAT12 corruption when a certain FAT entry at the end is changed. That bug has existed since very old versions, maybe right from the start.

Fixed now.

[andreasbombe]

Thank you very much, that was a nasty one: FAT12 corruption when a certain FAT entry at the end is changed. That bug has existed since very old versions, maybe right from the start.

Fixed now.