GNU bug report logs - #12656
cp since 8.11 corrupts files

Previous Next

Package: coreutils;

Reported by: "Mike Gerth" <m.gerth <at> avm.de>

Date: Mon, 15 Oct 2012 15:56:01 UTC

Severity: normal

Tags: fixed

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Bernhard Voelker <mail <at> bernhard-voelker.de>
To: Jim Meyering <jim <at> meyering.net>
Cc: m.gerth <at> avm.de, Alan Curry <pacman-cu <at> kosh.dhis.org>, 12656 <at> debbugs.gnu.org
Subject: bug#12656: WG: Re[4]: bug#12656: cp since 8.11 corrupts files
Date: Sun, 21 Oct 2012 11:41:20 +0200

On 10/17/2012 10:44 AM, Jim Meyering wrote:
> From a5365003c88f4fce6293827c13f90acd0b5bd0cc Mon Sep 17 00:00:00 2001
> From: Jim Meyering <jim <at> meyering.net>
> Date: Tue, 16 Oct 2012 17:43:49 +0200
> Subject: [PATCH] cp: avoid data-corrupting free-memory-read
> 
> * src/extent-scan.c (extent_scan_read): Reset our last_ei
> pointer whenever the parent buffer might have just been freed.
> * tests/cp/fiemap-extent-FMR.sh: New test.
> * tests/local.mk (all_tests): Add it.
> * NEWS (Bug fixes): Mention it.
> Reported by Mike Gerth in http://bugs.gnu.org/12656, and with
> help from Alan Curry.  Bug introduced in commit v8.10-60-g18f5a85.
> ---
>  NEWS                   |  4 ++++
>  src/extent-scan.c      | 12 +++++++++---
>  tests/cp/fiemap-FMR.sh | 31 +++++++++++++++++++++++++++++++
>  tests/local.mk         |  1 +
>  4 files changed, 45 insertions(+), 3 deletions(-)
>  create mode 100755 tests/cp/fiemap-FMR.sh
> 
> diff --git a/NEWS b/NEWS
> index aff5bf1..46ce698 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -12,6 +12,10 @@ GNU coreutils NEWS                                    -*- outline -*-
> 
>  ** Bug fixes
> 
> +  cp could read from freed memory and could even make corrupt copies.
> +  This could happen only with a very fragmented input file and when using
> +  its FIEMAP/extent-based copying code.  [bug introduced in coreutils-8.11]

As the bug is in extent-scan.c, doesn't it also affect mv (and ginstall)?

In src/local.mk:

  copy_sources = \
    src/copy.c \
    src/cp-hash.c \
    src/extent-scan.c \
    src/extent-scan.h

  ...
  src_ginstall_SOURCES = src/install.c src/prog-fprintf.c $(copy_sources)
  ...
  src_cp_SOURCES = src/cp.c $(copy_sources)
  ...
  src_mv_SOURCES = src/mv.c src/remove.c $(copy_sources)



Have a nice day,
Berny
This bug report was last modified 6 years and 220 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.