From unknown Fri Jun 20 07:21:50 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#34392 <34392@debbugs.gnu.org> To: bug#34392 <34392@debbugs.gnu.org> Subject: Status: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. Reply-To: bug#34392 <34392@debbugs.gnu.org> Date: Fri, 20 Jun 2025 14:21:50 +0000 retitle 34392 [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic acc= idently found. reassign 34392 parted submitter 34392 Mike Small severity 34392 normal tag 34392 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 08 18:11:53 2019 Received: (at submit) by debbugs.gnu.org; 8 Feb 2019 23:11:54 +0000 Received: from localhost ([127.0.0.1]:40289 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gsFJJ-0003Dm-Fj for submit@debbugs.gnu.org; Fri, 08 Feb 2019 18:11:53 -0500 Received: from eggs.gnu.org ([209.51.188.92]:44883) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gsFBz-00030H-3G for submit@debbugs.gnu.org; Fri, 08 Feb 2019 18:04:20 -0500 Received: from lists.gnu.org ([209.51.188.17]:52262) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gsFBt-0006KF-VJ for submit@debbugs.gnu.org; Fri, 08 Feb 2019 18:04:14 -0500 Received: from eggs.gnu.org ([209.51.188.92]:59259) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gsFBs-0008Gn-AP for bug-parted@gnu.org; Fri, 08 Feb 2019 18:04:13 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gsFBq-0006Ge-Tw for bug-parted@gnu.org; Fri, 08 Feb 2019 18:04:12 -0500 Received: from mx.sdf.org ([205.166.94.20]:51291) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gsFBq-0006DE-IA for bug-parted@gnu.org; Fri, 08 Feb 2019 18:04:10 -0500 Received: from sdf.org (IDENT:smallm@sverige.freeshell.org [205.166.94.5]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id x18N3tUf012724 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits) verified NO) for ; Fri, 8 Feb 2019 23:03:56 GMT Received: (from smallm@localhost) by sdf.org (8.15.2/8.12.8/Submit) id x18N3t7j020178; Fri, 8 Feb 2019 23:03:55 GMT From: Mike Small To: bug-parted@gnu.org Subject: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. Date: Fri, 08 Feb 2019 23:03:55 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 205.166.94.20 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 08 Feb 2019 18:11:52 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Hi, Someone shared with me a case where parted 3.2 (3.2-15 as packaged in Ubuntu Xenial) hit a sigsegv when run as follows: parted -m -s /dev/sda print When I looked into it, it appeared that they were extremely, extremely unlucky. It's not the same nilfs problem Jim Meyering fixed back in 3.1. They just happened to have data that looked like the magic number for a nilfs2 superblock in just the right place for parted to think there might be a secondary nilfs superblock. So parted tried to do a crc32 check on that sector (+ 512 more bytes beyond the end of it), but with most of the struct being invalid in ways that led to reading beyond the buffer allocated by alloca in nilfs2_probe(). The partition table looked like this (using sfdisk here since I don't haven't put my fixed version of parted on the machine yet): ~# sfdisk -l /dev/sda Disk /dev/sda: 233.8 GiB, 251059544064 bytes, 490350672 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x00000000 Device Boot Start End Sectors Size Id Type /dev/sda1 4096 10489855 10485760 5G 83 Linux /dev/sda2 10489856 23072767 12582912 6G 83 Linux /dev/sda3 23072768 60821503 37748736 18G 83 Linux /dev/sda4 60821504 490350591 429529088 204.8G 83 Linux The strace just before the sigsegv shows the seeks and reads, one near the beginning and one near the end of sd3, that happen in is_valid_nilfs_sb(): ... read(3, "C\16\322EC\213\234\224i(-f\365,\214\256\n\247\"x\350\0372\n0%]\242\5QJ\16"..., 512) = 512 lseek(3, 7168, SEEK_SET) = 7168 read(3, "F\241\245\35\260\263\306\7\2\211U\16\326\275ph\225\370\273\222\272Q\332\274\346\323\365\251\370f?\5"..., 512) = 512 lseek(3, 7680, SEEK_SET) = 7680 read(3, "\340\216\364*\365\347\25H\373\4|\33FQ\23\252\376tX:\345\227\342!\324(j;k-\227b"..., 512) = 512 lseek(3, 5370806272, SEEK_SET) = 5370806272 read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 512) = 512 lseek(3, 11813388288, SEEK_SET) = 11813388288 read(3, " \200\0\0 \200\1\0 \200\2\0 \200\3\0 \200\4\0 \200\f\0 \200\r\0 \200\30\0"..., 512) = 512 lseek(3, 11813322752, SEEK_SET) = 11813322752 read(3, "\20\200\0\0\20\200\1\0\20\200\2\0\20\200\3\0\20\200\4\0\20\200\f\0\20\200\r\0\20\200\30\0"..., 512) = 512 lseek(3, 11813257216, SEEK_SET) = 11813257216 read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096 lseek(3, 31140605952, SEEK_SET) = 31140605952 read(3, "42 42 44\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 512) = 512 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7ffcddd26000} --- write(2, "\n\nYou found a bug in GNU Parted!"..., 828 ... The person sent me these sectors, so I was able to create a vm with the same layout and dd in the unfortunate sector data at byte 31140605952 (sector 60821496). With that I reproduced the bug with gdb and saw this stack trace. Notice the value of len passed to __efi_crc32(): (gdb) set args -s /dev/vda print (gdb) run Starting program: /root/parted/parted/.libs/lt-parted -s /dev/vda print [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7ba8bbe in __efi_crc32 (buf=0x7fffffffd3c4, len=18446744073709551606, seed=2213123465) at efi_crc32.c:122 122 efi_crc32.c: No such file or directory. (gdb) bt #0 0x00007ffff7ba8bbe in __efi_crc32 (buf=0x7fffffffd3c4, len=18446744073709551606, seed=2213123465) at efi_crc32.c:122 #1 0x00007ffff7b9f571 in is_valid_nilfs_sb (sb=0x7fffffffd3b0) at nilfs2/nilfs2.c:97 #2 0x00007ffff7b9f764 in nilfs2_probe (geom=0x61de38) at nilfs2/nilfs2.c:124 #3 0x00007ffff7b8ba4b in ped_file_system_probe_specific ( fs_type=0x7ffff7dd20c0 , geom=0x61de38) at filesys.c:203 #4 0x00007ffff7b8bc96 in ped_file_system_probe (geom=0x61de38) at filesys.c:273 #5 0x00007ffff7ba3614 in read_table (disk=0x61e1e0, sector=0, is_extended_table=0) at dos.c:1050 #6 0x00007ffff7ba3850 in msdos_read (disk=0x61e1e0) at dos.c:1106 #7 0x00007ffff7b8d912 in ped_disk_new (dev=0x61e130) at disk.c:200 #8 0x000000000040764e in do_print (dev=0x7fffffffeb08, diskp=0x7fffffffeb10) at parted.c:1067 #9 0x0000000000405346 in command_run (cmd=0x617650, dev=0x7fffffffeb08, diskp=0x7fffffffeb10) at command.c:141 #10 0x000000000040ea27 in non_interactive_mode (dev=0x7fffffffeb08, disk=0x7fffffffeb10, cmd_list=0x6146c0 , argc=1, argv=0x7fffffffec20) at ui.c:1636 #11 0x000000000040abd2 in main (argc=1, argv=0x7fffffffec20) at parted.c:2295 There were two problems I saw: 1. is_valid_nilfs_sb() should make sure the subtraction bytes - sumoff - 4 won't give a negative number. I saw 10 for bytes and 16 for sumoff and that was why the len argument to __efi_crc32() was so strange, the negative number being sent over to an unsigned long. 2. Not sure if you'll want to do this part differently than my patch does, but nilfs2_probe() should read and allocate enough sectors to hold a struct nilfs2_super_block. is_valid_nilfs_sb() will be passing up to 1024 bytes to __efi_crc32(). If only one 512 byte sector had been allocated with alloca and read from disk that would cause reads off the the end of the stack even if bytes were more than sumoff - 4. This isn't the case I saw but I think it would be a problem if s_bytes happened to be between 508 and 1024. I've attached a patch and tested it in my vm. I wanted to get this out to you before I go away for the weekend, but if you'd like me to try to write a test I could attempt that next week, perhaps. Regards, Mike Small --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=avoid-sigsegv-nilfs2-crc32.patch From: Michael Small Date: Fri, 8 Feb 2019 17:01:43 -0500 Subject: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. 1. is_valid_nilfs_sb: make sure the subtraction bytes - sumoff - 4 won't give a negative number. That as the len argument to __efi_crc32() would give a very large number for the latter's for loop limit, since len is unsigned long. 2. nilfs2_probe: Read and allocate enough sectors to hold a struct nilfs2_super_block. is_valid_nilfs_sb() will be passing up to 1024 bytes to __efi_crc32(). If only one 512 byte sector had been allocated with alloca and read from disk that would cause reads off the the end of the stack even if bytes were more than sumoff - 4. 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libparted/fs/nilfs2/nilfs2.c b/libparted/fs/nilfs2/nilfs2.c index b42a464..9ad1bfc 100644 --- a/libparted/fs/nilfs2/nilfs2.c +++ b/libparted/fs/nilfs2/nilfs2.c @@ -89,7 +89,7 @@ is_valid_nilfs_sb(struct nilfs2_super_block *sb) return 0; bytes = PED_LE16_TO_CPU(sb->s_bytes); - if (bytes > 1024) + if (bytes > 1024 || bytes < sumoff - 4) return 0; crc = __efi_crc32(sb, sumoff, PED_LE32_TO_CPU(sb->s_crc_seed)); @@ -113,11 +113,13 @@ nilfs2_probe (PedGeometry* geom) const int sectors = (4096 + geom->dev->sector_size - 1) / geom->dev->sector_size; char *buf = alloca (sectors * geom->dev->sector_size); - void *buff2 = alloca (geom->dev->sector_size); + const int sectors2 = sizeof(struct nilfs2_super_block) / geom->dev->sector_size + + (sizeof(struct nilfs2_super_block) % geom->dev->sector_size == 0) ? 0 : 1; + void *buff2 = alloca (sectors2 * geom->dev->sector_size); if (ped_geometry_read(geom, buf, 0, sectors)) sb = (struct nilfs2_super_block *)(buf+1024); - if (ped_geometry_read(geom, buff2, sb2off, 1)) + if (ped_geometry_read(geom, buff2, sb2off, sectors2)) sb2 = buff2; if ((!sb || !is_valid_nilfs_sb(sb)) && -- 2.7.4 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 11 14:59:43 2019 Received: (at 34392) by debbugs.gnu.org; 11 Feb 2019 19:59:43 +0000 Received: from localhost ([127.0.0.1]:44128 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtHjy-0003h0-NL for submit@debbugs.gnu.org; Mon, 11 Feb 2019 14:59:42 -0500 Received: from mx1.redhat.com ([209.132.183.28]:37566) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtHjv-0003gm-UC for 34392@debbugs.gnu.org; Mon, 11 Feb 2019 14:59:41 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 396A6C0740E4; Mon, 11 Feb 2019 19:59:34 +0000 (UTC) Received: from lister.brianlane.com (ovpn-112-38.phx2.redhat.com [10.3.112.38]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A95B610027DA; Mon, 11 Feb 2019 19:59:33 +0000 (UTC) Date: Mon, 11 Feb 2019 11:59:31 -0800 From: "Brian C. Lane" To: Mike Small Subject: Re: bug#34392: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. Message-ID: <20190211195931.GG4594@lister.brianlane.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Mon, 11 Feb 2019 19:59:34 +0000 (UTC) X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 34392 Cc: 34392@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) On Fri, Feb 08, 2019 at 11:03:55PM +0000, Mike Small wrote: > Hi, > > Someone shared with me a case where parted 3.2 (3.2-15 as packaged in > Ubuntu Xenial) hit a sigsegv when run as follows: Good job tracking this down! Yes, a test would be good to have, I think this is one of those corner cases that can bite people and lead to lots of confusion :) > crc = __efi_crc32(sb, sumoff, PED_LE32_TO_CPU(sb->s_crc_seed)); > @@ -113,11 +113,13 @@ nilfs2_probe (PedGeometry* geom) > const int sectors = (4096 + geom->dev->sector_size - 1) / > geom->dev->sector_size; > char *buf = alloca (sectors * geom->dev->sector_size); > - void *buff2 = alloca (geom->dev->sector_size); > + const int sectors2 = sizeof(struct nilfs2_super_block) / geom->dev->sector_size + > + (sizeof(struct nilfs2_super_block) % geom->dev->sector_size == 0) ? 0 : 1; This calculation is correct, but I find it hard to read. If you use the same technique as it does for sectors it would be easier to understand in the future, and I don't think the superblock size is going to change. -- Brian C. Lane (PST8PDT) From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 12 11:42:04 2019 Received: (at 34392) by debbugs.gnu.org; 12 Feb 2019 16:42:04 +0000 Received: from localhost ([127.0.0.1]:45085 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtb8G-0006Lv-Ag for submit@debbugs.gnu.org; Tue, 12 Feb 2019 11:42:04 -0500 Received: from ol.sdf.org ([205.166.94.20]:65419 helo=mx.sdf.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtb8D-0006LQ-2T for 34392@debbugs.gnu.org; Tue, 12 Feb 2019 11:42:02 -0500 Received: from sdf.org (IDENT:smallm@sverige.freeshell.org [205.166.94.5]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id x1CGfnrt006600 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits) verified NO); Tue, 12 Feb 2019 16:41:50 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sdf.org; s=default; t=1549989718; bh=6d0seM3wobsqwG1OLaQO1srFburNq8WQ++naSdUR1nQ=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=IepatmMWwjWX4j2vUtIRkfo8Ew9zFIq3nG/9/NlA9zn070bFlJKJDgFXHhejIw86U BpwocEv5T8rNHGtdqSyhXiCkTpKbYIT7v/PY5DrSscREWdxfHpTqRtsVftVH3W8oEU mYUSZrYsGqTa1RWTcIF/rTr4un5vcok4krwUfwEI= Received: (from smallm@localhost) by sdf.org (8.15.2/8.12.8/Submit) id x1CGfmhf024053; Tue, 12 Feb 2019 16:41:48 GMT From: Mike Small To: "Brian C. Lane" Subject: Re: bug#34392: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. References: <20190211195931.GG4594@lister.brianlane.com> Date: Tue, 12 Feb 2019 16:41:47 +0000 In-Reply-To: <20190211195931.GG4594@lister.brianlane.com> (Brian C. Lane's message of "Mon, 11 Feb 2019 11:59:31 -0800") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34392 Cc: 34392@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Brian C. Lane" writes: > On Fri, Feb 08, 2019 at 11:03:55PM +0000, Mike Small wrote: >> Hi, >> >> Someone shared with me a case where parted 3.2 (3.2-15 as packaged in >> Ubuntu Xenial) hit a sigsegv when run as follows: > > Good job tracking this down! Yes, a test would be good to have, I think > this is one of those corner cases that can bite people and lead to lots > of confusion :) I'll start working on the tests today. Maybe I should try installing nilfs on a partition and make sure that still works too after the patch is in good shape. > >> crc = __efi_crc32(sb, sumoff, PED_LE32_TO_CPU(sb->s_crc_seed)); >> @@ -113,11 +113,13 @@ nilfs2_probe (PedGeometry* geom) >> const int sectors = (4096 + geom->dev->sector_size - 1) / >> geom->dev->sector_size; >> char *buf = alloca (sectors * geom->dev->sector_size); >> - void *buff2 = alloca (geom->dev->sector_size); >> + const int sectors2 = sizeof(struct nilfs2_super_block) / geom->dev->sector_size + >> + (sizeof(struct nilfs2_super_block) % geom->dev->sector_size == 0) ? 0 : 1; > > This calculation is correct, but I find it hard to read. If you use the > same technique as it does for sectors it would be easier to understand > in the future, and I don't think the superblock size is going to change. Probably I should have spent more time trying to understand the way sectors was calculated or asked about it before submitting the patch. It confused me, since in my case, where geom->dev->sector_size was 512, that calculation gave a size that meant eight 512 byte sectors were read instead of two (sizeof nilfs2_super_block = 1024): (4096 + 512 - 1) / 512 = 8. And that's what it did, except all at once, based on the strace... lseek(3, 11813257216, SEEK_SET) = 11813257216 read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096 And then there was the 1024 offset introduced when assigning to the primary superblock, sb, which I didn't understand the purpose of... if (ped_geometry_read(geom, buf, 0, sectors)) sb = (struct nilfs2_super_block *)(buf+1024); I wasn't sure if reading the extra six sectors for the 2nd superblock would be okay, e.g. if the superblock was really close to the end of a disk. And in general there are these things about reading the first superblock which I don't understand, so I'm unclear if the two lengths should be computed the same way. If so should we look for the 2nd superblock 1024 bytes into the 4096 bytes read like we do for the 1st superblock? -- Mike Small smallm@sdf.org From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 12 12:56:13 2019 Received: (at 34392) by debbugs.gnu.org; 12 Feb 2019 17:56:13 +0000 Received: from localhost ([127.0.0.1]:45146 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtcI1-0001pi-56 for submit@debbugs.gnu.org; Tue, 12 Feb 2019 12:56:13 -0500 Received: from mx1.redhat.com ([209.132.183.28]:43228) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtcHz-0001pV-Nw for 34392@debbugs.gnu.org; Tue, 12 Feb 2019 12:56:12 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3536FAC5E8; Tue, 12 Feb 2019 17:56:06 +0000 (UTC) Received: from lister.brianlane.com (ovpn-112-38.phx2.redhat.com [10.3.112.38]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 75C2D6019F; Tue, 12 Feb 2019 17:56:05 +0000 (UTC) Date: Tue, 12 Feb 2019 09:56:02 -0800 From: "Brian C. Lane" To: Mike Small Subject: Re: bug#34392: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. Message-ID: <20190212175602.GI4594@lister.brianlane.com> References: <20190211195931.GG4594@lister.brianlane.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 12 Feb 2019 17:56:06 +0000 (UTC) X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 34392 Cc: 34392@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) On Tue, Feb 12, 2019 at 04:41:47PM +0000, Mike Small wrote: > "Brian C. Lane" writes: > > > On Fri, Feb 08, 2019 at 11:03:55PM +0000, Mike Small wrote: > >> Hi, > >> > >> Someone shared with me a case where parted 3.2 (3.2-15 as packaged in > >> Ubuntu Xenial) hit a sigsegv when run as follows: > > > > Good job tracking this down! Yes, a test would be good to have, I think > > this is one of those corner cases that can bite people and lead to lots > > of confusion :) > > I'll start working on the tests today. Maybe I should try installing > nilfs on a partition and make sure that still works too after the patch > is in good shape. That's probably a good idea. > > > > >> crc = __efi_crc32(sb, sumoff, PED_LE32_TO_CPU(sb->s_crc_seed)); > >> @@ -113,11 +113,13 @@ nilfs2_probe (PedGeometry* geom) > >> const int sectors = (4096 + geom->dev->sector_size - 1) / > >> geom->dev->sector_size; > >> char *buf = alloca (sectors * geom->dev->sector_size); > >> - void *buff2 = alloca (geom->dev->sector_size); > >> + const int sectors2 = sizeof(struct nilfs2_super_block) / geom->dev->sector_size + > >> + (sizeof(struct nilfs2_super_block) % geom->dev->sector_size == 0) ? 0 : 1; > > > > This calculation is correct, but I find it hard to read. If you use the > > same technique as it does for sectors it would be easier to understand > > in the future, and I don't think the superblock size is going to change. > > Probably I should have spent more time trying to understand the way > sectors was calculated or asked about it before submitting the patch. It > confused me, since in my case, where geom->dev->sector_size was 512, > that calculation gave a size that meant eight 512 byte sectors were read > instead of two (sizeof nilfs2_super_block = 1024): > > (4096 + 512 - 1) / 512 = 8. > > And that's what it did, except all at once, based on the strace... > > lseek(3, 11813257216, SEEK_SET) = 11813257216 > read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096 > > And then there was the 1024 offset introduced when assigning to the > primary superblock, sb, which I didn't understand the purpose of... > > if (ped_geometry_read(geom, buf, 0, sectors)) > sb = (struct nilfs2_super_block *)(buf+1024); > > > I wasn't sure if reading the extra six sectors for the 2nd superblock > would be okay, e.g. if the superblock was really close to the end of a > disk. And in general there are these things about reading the first > superblock which I don't understand, so I'm unclear if the two lengths > should be computed the same way. If so should we look for the 2nd > superblock 1024 bytes into the 4096 bytes read like we do for the 1st > superblock? I can't seem to find a decent reference for NILFS other than this code and the linux kernel code so I'm not sure why it reads so much for the first one. I think you've got the logic right, I just think it would be easier to read as: sectors2 = (1024 + geom->dev->sector_size - 1) / geom->dev->sector_size; When reading the 2nd superblock it looks like it starts on a sector boundary so that's why it doesn't need the 4096 offset. -- Brian C. Lane (PST8PDT) From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 13 16:33:56 2019 Received: (at 34392) by debbugs.gnu.org; 13 Feb 2019 21:33:56 +0000 Received: from localhost ([127.0.0.1]:47416 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gu2A5-000513-Jo for submit@debbugs.gnu.org; Wed, 13 Feb 2019 16:33:56 -0500 Received: from mx.sdf.org ([205.166.94.20]:63049) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gu2A3-00050u-2N for 34392@debbugs.gnu.org; Wed, 13 Feb 2019 16:33:44 -0500 Received: from sdf.org (IDENT:smallm@sverige.freeshell.org [205.166.94.5]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id x1DLXaCq004070 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits) verified NO); Wed, 13 Feb 2019 21:33:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sdf.org; s=default; t=1550093621; bh=6Fw46EAbEyKzaXBknFqQhneOXpCLJG3NiKmxrlz8sUY=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=GAnL9bVag/i+Zx6YZLbAirNh5eIP4pRG5J20kt9pYW0vPWf99uvXfHN3vqfU7wQ9b ce8Ka0gei6wLgQZ3q3HkFUCCRmJf1+O95bOfxlLnSsG/6aBOVFb3ENQ0sbWwbvVr/X StBiKRWVLGH/J2e1aG/svbztXbyghLRnpj1uM3wU= Received: (from smallm@localhost) by sdf.org (8.15.2/8.12.8/Submit) id x1DLXZi0017737; Wed, 13 Feb 2019 21:33:35 GMT From: Mike Small To: "Brian C. Lane" Subject: Re: bug#34392: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. References: <20190211195931.GG4594@lister.brianlane.com> <20190212175602.GI4594@lister.brianlane.com> Date: Wed, 13 Feb 2019 21:33:35 +0000 In-Reply-To: <20190212175602.GI4594@lister.brianlane.com> (Brian C. Lane's message of "Tue, 12 Feb 2019 09:56:02 -0800") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34392 Cc: 34392@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain "Brian C. Lane" writes: > On Tue, Feb 12, 2019 at 04:41:47PM +0000, Mike Small wrote: >> "Brian C. Lane" writes: >> >> > On Fri, Feb 08, 2019 at 11:03:55PM +0000, Mike Small wrote: >> >> Hi, >> >> >> >> Someone shared with me a case where parted 3.2 (3.2-15 as packaged in >> >> Ubuntu Xenial) hit a sigsegv when run as follows: >> > >> > Good job tracking this down! Yes, a test would be good to have, I think >> > this is one of those corner cases that can bite people and lead to lots >> > of confusion :) >> >> I'll start working on the tests today. Maybe I should try installing >> nilfs on a partition and make sure that still works too after the patch >> is in good shape. > > That's probably a good idea. I've attached a patch with a test case that fails without the fix. I've also included a nearly identical test that tries to check the case where the s_bytes field has a reasonable value but one that should make the crc32 check run over bytes beyond the end of what alloca set aside on the stack. Unfortunately, reading that far out on the stack doesn't seem to run into any problem, so the test passed even without the fix. Maybe you won't want that test. When I looked more closely at your tests I saw that t1700 tests detection of a nilfs2 filesystem as long as it's run with PARTED_SECTOR_SIZE=512. That test passed with or without this fix. I'll send the corrected fix in a separate email. -- Mike Small smallm@sdf.org --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=nilfs_badsb_tests.patch >From ed615cc16748c6e77ce0f859eab5cff9599feaaf Mon Sep 17 00:00:00 2001 From: Michael Small Date: Wed, 13 Feb 2019 16:05:21 -0500 Subject: [PATCH] Tests case for sigsegv when false nilfs2 superblock detected. --- tests/Makefile.am | 2 ++ tests/t4301-nilfs2-badsb2.sh | 43 ++++++++++++++++++++++++++++++++++++ tests/t4302-nilfs2-lessbadsb2.sh | 47 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+) create mode 100755 tests/t4301-nilfs2-badsb2.sh create mode 100755 tests/t4302-nilfs2-lessbadsb2.sh diff --git a/tests/Makefile.am b/tests/Makefile.am index 3fa75a9..0d7c022 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -66,6 +66,8 @@ TESTS = \ t4100-msdos-starting-sector.sh \ t4200-partprobe.sh \ t4300-nilfs2-tiny.sh \ + t4301-nilfs2-badsb2.sh \ + t4302-nilfs2-lessbadsb2.sh \ t5000-tags.sh \ t6000-dm.sh \ t6001-psep.sh \ diff --git a/tests/t4301-nilfs2-badsb2.sh b/tests/t4301-nilfs2-badsb2.sh new file mode 100755 index 0000000..cef8a9a --- /dev/null +++ b/tests/t4301-nilfs2-badsb2.sh @@ -0,0 +1,43 @@ +#!/bin/sh +# Trigger a nilfs2-related bug. + +# Copyright (C) 2011-2014 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/init.sh"; path_prepend_ ../parted +ss=$sector_size_ +len=32 +dev=dev-file + +dd if=/dev/zero of=$dev bs=512 count=$(($len+$ss/512)) || framework_failure_ + +end=$(($len * 512 / $ss)) +parted -s $dev mklabel msdos mkpart primary 1s ${end}s || framework_failure_ + +# Write a secondary superblock with the nilfs magic number and a nilfs +# superblock length (s_bytes) field of only 10 bytes. +# struct nilfs2_super_block starts with these four fields... +# uint32_t s_rev_level; +# uint16_t s_minor_rev_level; +# uint16_t s_magic; +# uint16_t s_bytes; +sb2_offset=$(( 24 / ($ss / 512) + 1)) +perl -e "print pack 'LSSS.', 0, 0, 0x3434, 10, $ss" | + dd of=$dev bs=$ss seek=$sb2_offset count=1 conv=notrunc + +# This used to give parted a sigsegv. +parted -s $dev print || fail=1 + +Exit $fail diff --git a/tests/t4302-nilfs2-lessbadsb2.sh b/tests/t4302-nilfs2-lessbadsb2.sh new file mode 100755 index 0000000..a46dccf --- /dev/null +++ b/tests/t4302-nilfs2-lessbadsb2.sh @@ -0,0 +1,47 @@ +#!/bin/sh +# Trigger a nilfs2-related bug. + +# Copyright (C) 2011-2014 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# This test is like t4301-nilfsbadsb2 except with an s_bytes field of +# 1024 instead of 10. This exercises a less obvious bug. + +. "${srcdir=.}/init.sh"; path_prepend_ ../parted +ss=$sector_size_ +len=32 +dev=dev-file + +dd if=/dev/zero of=$dev bs=512 count=$(($len+$ss/512)) || framework_failure_ + +end=$(($len * 512 / $ss)) +parted -s $dev mklabel msdos mkpart primary 1s ${end}s || framework_failure_ + +# Write a secondary superblock with the nilfs magic number and a nilfs +# superblock length (s_bytes) field of only 10 bytes. +# struct nilfs2_super_block starts with these four fields... +# uint32_t s_rev_level; +# uint16_t s_minor_rev_level; +# uint16_t s_magic; +# uint16_t s_bytes; +sb2_offset=$(( 24 / ($ss / 512) + 1)) +perl -e "print pack 'LSSS.', 0, 0, 0x3434, 1024, $ss" | + dd of=$dev bs=$ss seek=$sb2_offset count=1 conv=notrunc + +# This used to read past the part of the stack allocated by alloca, but +# may or may not cause a segmentation fault as a result. +parted -s $dev print || fail=1 + +Exit $fail -- 2.7.4 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 13 16:34:52 2019 Received: (at 34392) by debbugs.gnu.org; 13 Feb 2019 21:34:52 +0000 Received: from localhost ([127.0.0.1]:47420 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gu2BA-00052k-8u for submit@debbugs.gnu.org; Wed, 13 Feb 2019 16:34:52 -0500 Received: from mx.sdf.org ([205.166.94.20]:62877) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gu2B8-00052b-AD for 34392@debbugs.gnu.org; Wed, 13 Feb 2019 16:34:50 -0500 Received: from sdf.org (IDENT:smallm@sverige.freeshell.org [205.166.94.5]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id x1DLYiRY001127 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits) verified NO); Wed, 13 Feb 2019 21:34:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sdf.org; s=default; t=1550093689; bh=SeSaSL3nZCj79TzWyqqH/n7p8xbn0Y2a1AhzXa+5Dyg=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=AVl7a8x4M00w/lVjwuYW4JM5jwUHPBbQ2N6PvUfYyLK7yS2cWJY+KSCngrKsXkdVF nIw0HN1zPLP3RSK4+OrtZm9yYuRsoQHwcs3ymFu3ctTCSZ7b+2OTmtN2eRqk4fobIq BhvWJRsyzlmTwfDVXcE4LzgIYbtzQEf6sYn9Fg6I= Received: (from smallm@localhost) by sdf.org (8.15.2/8.12.8/Submit) id x1DLYiLL001717; Wed, 13 Feb 2019 21:34:44 GMT From: Mike Small To: "Brian C. Lane" Subject: Re: bug#34392: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. References: <20190211195931.GG4594@lister.brianlane.com> <20190212175602.GI4594@lister.brianlane.com> Date: Wed, 13 Feb 2019 21:34:44 +0000 In-Reply-To: <20190212175602.GI4594@lister.brianlane.com> (Brian C. Lane's message of "Tue, 12 Feb 2019 09:56:02 -0800") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34392 Cc: 34392@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain "Brian C. Lane" writes: >> >> crc = __efi_crc32(sb, sumoff, PED_LE32_TO_CPU(sb->s_crc_seed)); >> >> @@ -113,11 +113,13 @@ nilfs2_probe (PedGeometry* geom) >> >> const int sectors = (4096 + geom->dev->sector_size - 1) / >> >> geom->dev->sector_size; >> >> char *buf = alloca (sectors * geom->dev->sector_size); >> >> - void *buff2 = alloca (geom->dev->sector_size); >> >> + const int sectors2 = sizeof(struct nilfs2_super_block) / geom->dev->sector_size + >> >> + (sizeof(struct nilfs2_super_block) % geom->dev->sector_size == 0) ? 0 : 1; >> > >> > This calculation is correct, but I find it hard to read. If you use the >> > same technique as it does for sectors it would be easier to understand >> > in the future, and I don't think the superblock size is going to change. >> >> Probably I should have spent more time trying to understand the way >> sectors was calculated or asked about it before submitting the patch. It >> confused me, since in my case, where geom->dev->sector_size was 512, >> that calculation gave a size that meant eight 512 byte sectors were read >> instead of two (sizeof nilfs2_super_block = 1024): >> >> (4096 + 512 - 1) / 512 = 8. >> >> And that's what it did, except all at once, based on the strace... >> >> lseek(3, 11813257216, SEEK_SET) = 11813257216 >> read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096 >> >> And then there was the 1024 offset introduced when assigning to the >> primary superblock, sb, which I didn't understand the purpose of... >> >> if (ped_geometry_read(geom, buf, 0, sectors)) >> sb = (struct nilfs2_super_block *)(buf+1024); >> >> >> I wasn't sure if reading the extra six sectors for the 2nd superblock >> would be okay, e.g. if the superblock was really close to the end of a >> disk. And in general there are these things about reading the first >> superblock which I don't understand, so I'm unclear if the two lengths >> should be computed the same way. If so should we look for the 2nd >> superblock 1024 bytes into the 4096 bytes read like we do for the 1st >> superblock? > > I can't seem to find a decent reference for NILFS other than this code > and the linux kernel code so I'm not sure why it reads so much for the > first one. I think you've got the logic right, I just think it would be > easier to read as: > > sectors2 = (1024 + geom->dev->sector_size - 1) / geom->dev->sector_size; > > When reading the 2nd superblock it looks like it starts on a sector > boundary so that's why it doesn't need the 4096 offset. I've attached a corrected fix with that calculation written more clearly as you suggest. -- Mike Small smallm@sdf.org --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=corrected_nilfs_badsb.patch >From 3c3b926e589ca2b2e03450bcdee42765b887e697 Mon Sep 17 00:00:00 2001 From: Michael Small Date: Fri, 8 Feb 2019 17:01:43 -0500 Subject: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. 1. is_valid_nilfs_sb: make sure the subtraction bytes - sumoff - 4 won't give a negative number. That as the len argument to __efi_crc32() would give a very large number for the latter's for loop limit, since len is unsigned long. 2. nilfs2_probe: Read and allocate enough sectors to hold a struct nilfs2_super_block. is_valid_nilfs_sb() will be passing up to 1024 bytes to __efi_crc32(). If only one 512 byte sector had been allocated with alloca and read from disk that would cause reads off the the end of the stack even if bytes were more than sumoff - 4. --- libparted/fs/nilfs2/nilfs2.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libparted/fs/nilfs2/nilfs2.c b/libparted/fs/nilfs2/nilfs2.c index b42a464..52f757c 100644 --- a/libparted/fs/nilfs2/nilfs2.c +++ b/libparted/fs/nilfs2/nilfs2.c @@ -89,7 +89,7 @@ is_valid_nilfs_sb(struct nilfs2_super_block *sb) return 0; bytes = PED_LE16_TO_CPU(sb->s_bytes); - if (bytes > 1024) + if (bytes > 1024 || bytes < sumoff - 4) return 0; crc = __efi_crc32(sb, sumoff, PED_LE32_TO_CPU(sb->s_crc_seed)); @@ -113,11 +113,13 @@ nilfs2_probe (PedGeometry* geom) const int sectors = (4096 + geom->dev->sector_size - 1) / geom->dev->sector_size; char *buf = alloca (sectors * geom->dev->sector_size); - void *buff2 = alloca (geom->dev->sector_size); + const int sectors2 = (1024 + geom->dev->sector_size -1 ) / + geom->dev->sector_size; + void *buff2 = alloca (sectors2 * geom->dev->sector_size); if (ped_geometry_read(geom, buf, 0, sectors)) sb = (struct nilfs2_super_block *)(buf+1024); - if (ped_geometry_read(geom, buff2, sb2off, 1)) + if (ped_geometry_read(geom, buff2, sb2off, sectors2)) sb2 = buff2; if ((!sb || !is_valid_nilfs_sb(sb)) && -- 2.7.4 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 09 18:55:10 2019 Received: (at 34392-done) by debbugs.gnu.org; 9 Apr 2019 22:55:10 +0000 Received: from localhost ([127.0.0.1]:52135 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hDze1-0001Ph-MG for submit@debbugs.gnu.org; Tue, 09 Apr 2019 18:55:10 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45002) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hDzdz-0001PQ-Qa for 34392-done@debbugs.gnu.org; Tue, 09 Apr 2019 18:55:08 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 528D6307EAA0 for <34392-done@debbugs.gnu.org>; Tue, 9 Apr 2019 22:55:02 +0000 (UTC) Received: from lister.brianlane.com (ovpn-112-45.phx2.redhat.com [10.3.112.45]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F01BE17F53 for <34392-done@debbugs.gnu.org>; Tue, 9 Apr 2019 22:55:01 +0000 (UTC) Date: Tue, 9 Apr 2019 15:54:59 -0700 From: "Brian C. Lane" To: 34392-done@debbugs.gnu.org Subject: Re: bug#34392: [PATCH] Avoid sigsegv in case 2nd nilfs2 superblock magic accidently found. Message-ID: <20190409225459.GM3948@lister.brianlane.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.3 (2019-02-01) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Tue, 09 Apr 2019 22:55:02 +0000 (UTC) X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 34392-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) THIS is the patchset pushed to master and in Fedora's parted-3.2-41 build for rawhide. Accidentally closed the wrong one earlier. -- Brian C. Lane (PST8PDT) From unknown Fri Jun 20 07:21:50 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 08 May 2019 11:24:09 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator