
fsck.vfat invalid memory access in get_fat #12

hannob opened this Issue Sep 8, 2015 · 1 comment


hannob commented Sep 8, 2015

This file will generate an invalid memory read in fsck.vfat:
https://crashes.fuzzing-project.org/dosfstools-get_fat-invalid-read

Judging from the output of AddressSanitizer and Valgrind it is a bit unusual: it seems to be neither memory on the stack nor on the heap, but it also doesn't crash the app if run without ASan or Valgrind. It happens both with the latest release and the latest git code.

Found with american fuzzy lop.

This is the address sanitizer stack trace:

==17848==ERROR: AddressSanitizer: SEGV on unknown address 0x6020000105d8 (pc 0x0000004f1ace bp 0x7ffcae3ad230 sp 0x7ffcae3ad080 T0)
    #0 0x4f1acd in get_fat /f/dosfstools-3.0.26/src/fat.c:53:26
    #1 0x4ea4e6 in check_file /f/dosfstools-3.0.26/src/check.c:569:2
    #2 0x4ea4e6 in check_files /f/dosfstools-3.0.26/src/check.c:683
    #3 0x4ede42 in scan_dir /f/dosfstools-3.0.26/src/check.c:1029:9
    #4 0x4ede42 in subdirs /f/dosfstools-3.0.26/src/check.c:1053
    #5 0x4e4f90 in scan_root /f/dosfstools-3.0.26/src/check.c:1085:12
    #6 0x4ddaf4 in main /f/dosfstools-3.0.26/src/fsck.fat.c:188:27
    #7 0x7efe5b4eef9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
    #8 0x437106 in _start (/mnt/ram/dosfstools/fsck.fat+0x437106)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /f/dosfstools-3.0.26/src/fat.c:53 get_fat

@andreasbombe andreasbombe self-assigned this Sep 8, 2015

andreasbombe commented Sep 12, 2015

Thank you very much, that was a nasty one: FAT12 corruption when a certain FAT entry at the end is changed. That bug has existed since very old versions, maybe right from the start.

Fixed now.
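The read that AddressSanitizer flags above is in the FAT12 path of get_fat, and the maintainer's comment points at the last FAT entries. As an added illustration, not dosfstools code, the reader below decodes 12-bit entries from a FAT buffer and refuses any entry whose second byte would fall past the end of the table, which is the bounds check an unchecked FAT12 reader lacks when a cluster number is allowed to reach the final, possibly incomplete entry; the sample table is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* FAT12 packs two 12-bit entries into three bytes: entry n starts at byte
 * n*3/2 and always needs the following byte as well. Returns the 12-bit
 * value, or -1 when either byte would lie outside the fat_len-byte table. */
int fat12_entry_value(const uint8_t *fat, size_t fat_len, uint32_t cluster)
{
    size_t off = (size_t)cluster * 3 / 2;

    if (fat == NULL || off + 1 >= fat_len)   /* second byte must exist */
        return -1;
    if (cluster & 1)
        return ((fat[off] >> 4) | (fat[off + 1] << 4)) & 0xFFF;
    return (fat[off] | (fat[off + 1] << 8)) & 0xFFF;
}

/* Number of entries that are fully present in a table of fat_len bytes.
 * A length that is not a multiple of 3 leaves a trailing half entry, so the
 * count must come from the table length, not just from the cluster count. */
size_t fat12_entry_count(size_t fat_len)
{
    return (2 * fat_len) / 3;
}

/* Constructed 4-byte FAT12 table: entries 0 and 1 are complete (0xFF8 media
 * descriptor and 0xFFF end-of-chain); entry 2 would need byte 4. */
static const uint8_t sample_fat[] = { 0xF8, 0xFF, 0xFF, 0x03 };

int main(void)
{
    size_t n = sizeof sample_fat;
    uint32_t c;

    printf("%zu-byte FAT12 table holds %zu complete entries\n",
           n, fat12_entry_count(n));
    for (c = 0; c < 3; c++) {
        int v = fat12_entry_value(sample_fat, n, c);
        if (v < 0)
            printf("entry %u: out of bounds, refused\n", c);
        else
            printf("entry %u: 0x%03X\n", c, v);
    }
    return 0;
}
```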