SOURCES: e2fsprogs-ea-segfault.patch (NEW) [BUGFIX]: E2fsck will s...

arekm arekm at pld-linux.org
Mon Dec 12 23:57:59 CET 2005


Author: arekm                        Date: Mon Dec 12 22:57:59 2005 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
[BUGFIX]: E2fsck will segfault on disconnected inode with extended attribute(s)

---- Files affected:
SOURCES:
   e2fsprogs-ea-segfault.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/e2fsprogs-ea-segfault.patch
diff -u /dev/null SOURCES/e2fsprogs-ea-segfault.patch:1.1
--- /dev/null	Mon Dec 12 23:57:59 2005
+++ SOURCES/e2fsprogs-ea-segfault.patch	Mon Dec 12 23:57:54 2005
@@ -0,0 +1,107 @@
+# HG changeset patch
+# User tytso at mit.edu
+# Date Mon Jul  4 17:53:36 2005
+# Node ID 0502b63a5be9cb490c0c9086fa05edc1b1712a78
+# parent: cfa81ec1f92f63b70060bc4340e830adc635c8c4
+[BUGFIX]: E2fsck will segfault on disconnected inode with extended attribute(s)
+
+This was actually caused by two bugs.  The first bug is that if the
+inode has been fully fixed up, the code will attempt to remove the
+inode from the inode_bad_map without checking to see if this bitmap is
+present.  Since it is cleared at the end of pass 2, if
+e2fsck_process_bad_inode is called in pass 4 (as it is for
+disconnected inodes), this would result in a core dump.
+
+The first bug was mostly hidden by a second bug, which caused
+e2fsck_process_bad_inode() to consider all inodes without an extended
+attribute to be not fixed.
+
+Note: This bug was introduced in e2fsprogs 1.36.
+
+(Addresses Debian Bug: #316736)
+
+
+
+--- a/e2fsck/ChangeLog	Mon Jul  4 17:24:40 2005
++++ b/e2fsck/ChangeLog	Mon Jul  4 17:53:36 2005
+@@ -1,3 +1,19 @@
++2005-07-04  Theodore Ts'o  <tytso at mit.edu>
++
++	* pass2.c (e2fsck_process_bad_inode): Fixed bug which could cause
++		e2fsck to core dump if a disconnected inode contained an
++		extended attribute.  This was actually caused by two bugs.
++		The first bug is that if the inode has been fully fixed
++		up, the code will attempt to remove the inode from the
++		inode_bad_map without checking to see if this bitmap is
++		present.  Since it is cleared at the end of pass 2, if
++		e2fsck_process_bad_inode is called in pass 4 (as it is for
++		disconnected inodes), this would result in a core dump.
++		This bug was mostly hidden by a second bug, which caused
++		e2fsck_process_bad_inode() to consider all inodes without
++		an extended attribute to be not fixed.  (Addresses Debian
++		Bug: #316736)
++
+ 2006-06-30  Theodore Ts'o  <tytso at mit.edu>
+ 
+ 	* Release of E2fsprogs 1.38
+--- a/e2fsck/pass2.c	Mon Jul  4 17:24:40 2005
++++ b/e2fsck/pass2.c	Mon Jul  4 17:53:36 2005
+@@ -1184,27 +1184,29 @@
+ 	pctx.inode = &inode;
+ 
+ 	if (inode.i_file_acl &&
+-	    !(fs->super->s_feature_compat & EXT2_FEATURE_COMPAT_EXT_ATTR) &&
+-	    fix_problem(ctx, PR_2_FILE_ACL_ZERO, &pctx)) {
+-		inode.i_file_acl = 0;
++	    !(fs->super->s_feature_compat & EXT2_FEATURE_COMPAT_EXT_ATTR)) {
++		if (fix_problem(ctx, PR_2_FILE_ACL_ZERO, &pctx)) {
++			inode.i_file_acl = 0;
+ #ifdef EXT2FS_ENABLE_SWAPFS
+-		/* 
+-		 * This is a special kludge to deal with long symlinks
+-		 * on big endian systems.  i_blocks had already been
+-		 * decremented earlier in pass 1, but since i_file_acl
+-		 * hadn't yet been cleared, ext2fs_read_inode()
+-		 * assumed that the file was short symlink and would
+-		 * not have byte swapped i_block[0].  Hence, we have
+-		 * to byte-swap it here.
+-		 */
+-		if (LINUX_S_ISLNK(inode.i_mode) &&
+-		    (fs->flags & EXT2_FLAG_SWAP_BYTES) &&
+-		    (inode.i_blocks == fs->blocksize >> 9))
+-			inode.i_block[0] = ext2fs_swab32(inode.i_block[0]);
++			/* 
++			 * This is a special kludge to deal with long
++			 * symlinks on big endian systems.  i_blocks
++			 * had already been decremented earlier in
++			 * pass 1, but since i_file_acl hadn't yet
++			 * been cleared, ext2fs_read_inode() assumed
++			 * that the file was short symlink and would
++			 * not have byte swapped i_block[0].  Hence,
++			 * we have to byte-swap it here.
++			 */
++			if (LINUX_S_ISLNK(inode.i_mode) &&
++			    (fs->flags & EXT2_FLAG_SWAP_BYTES) &&
++			    (inode.i_blocks == fs->blocksize >> 9))
++				inode.i_block[0] = ext2fs_swab32(inode.i_block[0]);
+ #endif
+-		inode_modified++;
+-	} else
+-		not_fixed++;
++			inode_modified++;
++		} else
++			not_fixed++;
++	}
+ 
+ 	if (!LINUX_S_ISDIR(inode.i_mode) && !LINUX_S_ISREG(inode.i_mode) &&
+ 	    !LINUX_S_ISCHR(inode.i_mode) && !LINUX_S_ISBLK(inode.i_mode) &&
+@@ -1302,7 +1304,7 @@
+ 
+ 	if (inode_modified)
+ 		e2fsck_write_inode(ctx, ino, &inode, "process_bad_inode");
+-	if (!not_fixed)
++	if (!not_fixed && ctx->inode_bad_map)
+ 		ext2fs_unmark_inode_bitmap(ctx->inode_bad_map, ino);
+ 	return 0;
+ }
+
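Review bot: The new guard `if (!not_fixed && ctx->inode_bad_map)` in the second pass2.c hunk carries no explanation of why the bitmap can be absent, so the next reader will be tempted to drop the "redundant" NULL check and reintroduce the crash described in the commit message; I would add `/* inode_bad_map is freed at the end of pass 2; pass 4 reaches here for disconnected inodes, so it may be NULL */` above it. The reordered first hunk now increments `not_fixed` only when `fix_problem()` declines the fix, which is the intended narrowing, but the `} else` / `not_fixed++;` branch is left unbraced while the sibling branch is braced — bracing both keeps the two-level nesting readable. The body of `e2fsck_process_bad_inode` begins before the first pass2.c hunk, so the declarations of `not_fixed` and `inode_modified` are outside this view. Note also that the ChangeLog context line dated `2006-06-30` for the 1.38 release appears to be a pre-existing date typo in the upstream file, not something this packaging commit introduces.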
================================================================


