Package: parted / 3.2-7

fat16-resize-crash.patch
From bdfd201a2f5b8090c7ba1208fe5531d0dceecf49 Mon Sep 17 00:00:00 2001
From: Mike Fleetwood <mike.fleetwood@googlemail.com>
Date: Sun, 28 Sep 2014 16:15:48 +0100
Subject: lib-fs-resize: Prevent crash resizing FAT16 file systems

Resizing FAT16 file system crashes in libparted/fs/r/fat/resize.c
create_resize_context() because it was dereferencing NULL pointer
fs_info->info_sector to copy the info_sector.

Only FAT32 file systems have info_sector populated by fat_open() ->
fat_info_sector_read().  FAT12 and FAT16 file systems don't have an
info_sector so pointer fs_info->info_sector remains assigned NULL from
fat_alloc().  When resizing a FAT file system create_resize_context()
was always dereferencing fs_info->info_sector to memory copy the
info_sector, hence it crashed for FAT12 and FAT16.

Make create_resize_context() only copy the info_sector for FAT32 file
systems.

Reported by Christian Hesse in
https://bugzilla.gnome.org/show_bug.cgi?id=735669

Origin: upstream, http://git.savannah.gnu.org/cgit/parted.git/commit/?id=1e9e770f4bc7f3d80e09ecd1df58575fad064163
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=735669
Last-Update: 2014-11-06

Patch-Name: fat16-resize-crash.patch
---
 libparted/fs/r/fat/resize.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/libparted/fs/r/fat/resize.c b/libparted/fs/r/fat/resize.c
index 919acf0..bfe60a0 100644
--- a/libparted/fs/r/fat/resize.c
+++ b/libparted/fs/r/fat/resize.c
@@ -668,11 +668,17 @@ create_resize_context (PedFileSystem* fs, const PedGeometry* new_geom)
 
 /* preserve boot code, etc. */
 	new_fs_info->boot_sector = ped_malloc (new_geom->dev->sector_size);
-	new_fs_info->info_sector = ped_malloc (new_geom->dev->sector_size);
 	memcpy (new_fs_info->boot_sector, fs_info->boot_sector,
 		new_geom->dev->sector_size);
-	memcpy (new_fs_info->info_sector, fs_info->info_sector,
-		new_geom->dev->sector_size);
+	new_fs_info->info_sector = NULL;
+	if (fs_info->fat_type == FAT_TYPE_FAT32)
+	{
+		PED_ASSERT (fs_info->info_sector != NULL);
+		new_fs_info->info_sector =
+			ped_malloc (new_geom->dev->sector_size);
+		memcpy (new_fs_info->info_sector, fs_info->info_sector,
+			new_geom->dev->sector_size);
+	}
 
 	new_fs_info->logical_sector_size = fs_info->logical_sector_size;
 	new_fs_info->sector_count = new_geom->length;
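Review bot: In the new FAT32 branch, PED_ASSERT (fs_info->info_sector != NULL) turns a missing info sector into an assertion failure rather than a recoverable error. Since the pointer's state depends on what was read from the on-disk file system, consider returning an error to the caller here instead of asserting, so a FAT32 volume without a loaded info sector fails the resize cleanly. Two further points on the same lines: the ped_malloc result is passed straight to memcpy with no visible NULL check (the same holds for boot_sector in the context lines), and new_fs_info->info_sector is now NULL for FAT12 and FAT16, so every later reader or free of that field has to tolerate NULL. That code is outside this hunk and worth confirming before merging.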