Subject: bin/32194: makefs -t cd9660 segfaults creating specific filesystem
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <riz@tastylime.net>
List: netbsd-bugs
Date: 11/30/2005 00:03:00
>Number:         32194
>Category:       bin
>Synopsis:       makefs -t cd9660 segfaults creating specific filesystem
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 30 00:03:00 +0000 2005
>Originator:     Jeff Rizzo
>Release:        3.99.11
>Organization:
TASTY LIME
>Environment:
NetBSD grendel 3.99.11 NetBSD 3.99.11 (GRENDEL) #6: Sat Nov 26 15:12:56 PST 2005  riz@grendel:/usr/src/sys/arch/macppc/compile/GRENDEL macppc

>Description:
Using makefs to create a filesystem of two files ("example.1" and "example.10") causes makefs to segfault.

gdb on a debugging binary yields this:

GNU gdb 5.3nb1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "powerpc--netbsd"...
Core was generated by `makefs'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
#0  0x01804b10 in cd9660_sort_nodes (node=0x1863000) at cd9660.c:1200
1200                            TAILQ_INSERT_BEFORE(node, next, cn_next_child);
(gdb) l
1195                                    return;
1196                            else if (strcmp(next->isoDirRecord->name,
1197                                            cn->isoDirRecord->name) >= 0)
1198                                    continue;
1199                            TAILQ_REMOVE(&node->cn_children, next, cn_next_child);
1200                            TAILQ_INSERT_BEFORE(node, next, cn_next_child);
1201                            break;
1202                    }
1203            } while (cn != NULL);
1204    }
(gdb) bt
#0  0x01804b10 in cd9660_sort_nodes (node=0x1863000) at cd9660.c:1200
#1  0x018049fc in cd9660_sorting_nodes (node=0x1863000) at cd9660.c:1183
#2  0x018052cc in cd9660_convert_structure (root=0x1862080, 
    parent_node=0x1863000, level=1, numDirectories=0xffffd57c, 
    error=0xffffd58c) at cd9660.c:1459
#3  0x018031d4 in cd9660_makefs (image=0xffffd846 "garbage.iso", 
    dir=0xffffd852 "TEST3", root=0x1862040, fsopts=0xffffd5e0) at cd9660.c:491
#4  0x0181a240 in main (argc=2, argv=0xffffd710) at makefs.c:273

(gdb)
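The loop in the listing above (cd9660.c:1195-1203) reorders the child list by name with TAILQ_REMOVE followed by TAILQ_INSERT_BEFORE. The following C program is an added, stand-alone illustration of that remove-and-reinsert scheme on a constructed list; it is not makefs code and not a fix for this PR. queue(3) defines TAILQ_INSERT_BEFORE(listelm, elm, field) as inserting elm immediately before listelm, and listelm must already be on the same list, so the example passes the sibling cn that next was compared against as the anchor. After sorting it walks the list forwards and backwards to confirm the links still agree, using the two-file directory from this PR (example.10, example.1) as input. struct cnode, cnode_list and the helper names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/queue.h>

/* Constructed stand-in for makefs's cd9660node: only the name is modelled
 * (an assumption for this example; the real node carries an isoDirRecord). */
struct cnode {
	char name[64];
	TAILQ_ENTRY(cnode) cn_next_child;
};
TAILQ_HEAD(cnode_list, cnode);

/* Bubble-sort the children by strcmp() of their names in place, in the same
 * shape as the loop in the gdb listing.  queue(3): TAILQ_INSERT_BEFORE(listelm,
 * elm, field) puts elm before listelm, which must already be on the list, so
 * the anchor here is the sibling cn that next was just compared against. */
static void
sort_children(struct cnode_list *children)
{
	struct cnode *cn, *next;
	int moved;

	do {
		moved = 0;
		TAILQ_FOREACH(cn, children, cn_next_child) {
			next = TAILQ_NEXT(cn, cn_next_child);
			if (next == NULL)
				break;
			if (strcmp(next->name, cn->name) >= 0)
				continue;	/* this pair is already in order */
			TAILQ_REMOVE(children, next, cn_next_child);
			TAILQ_INSERT_BEFORE(cn, next, cn_next_child);
			moved = 1;
			break;		/* rescan from the head after a change */
		}
	} while (moved);
}

/* Link check: a forward walk and a reverse walk must visit the same number
 * of nodes.  Returns that count, or -1 if the two directions disagree. */
static int
check_links(struct cnode_list *children)
{
	struct cnode *p;
	int fwd = 0, rev = 0;

	TAILQ_FOREACH(p, children, cn_next_child)
		fwd++;
	TAILQ_FOREACH_REVERSE(p, children, cnode_list, cn_next_child)
		rev++;
	return fwd == rev ? fwd : -1;
}

/* Builds a child list from names (in the order given), sorts it, verifies the
 * links and the ordering, and writes the final order to out as a comma-
 * separated string.  Returns the node count, or -1 on any failure. */
int
sorted_order(const char **names, int n, char *out, size_t outlen)
{
	struct cnode_list children = TAILQ_HEAD_INITIALIZER(children);
	struct cnode *p, *q;
	int i, count;
	size_t used = 0;

	for (i = 0; i < n; i++) {
		p = calloc(1, sizeof *p);
		if (p == NULL)
			abort();
		snprintf(p->name, sizeof p->name, "%s", names[i]);
		TAILQ_INSERT_TAIL(&children, p, cn_next_child);
	}
	sort_children(&children);
	count = check_links(&children);
	out[0] = '\0';
	TAILQ_FOREACH(p, &children, cn_next_child) {
		q = TAILQ_NEXT(p, cn_next_child);
		if (q != NULL && strcmp(p->name, q->name) > 0)
			count = -1;	/* still out of order */
		used += snprintf(out + used, outlen - used, "%s%s",
		    used ? "," : "", p->name);
		if (used >= outlen) {
			count = -1;	/* output truncated */
			break;
		}
	}
	if (count != n)
		count = -1;
	for (p = TAILQ_FIRST(&children); p != NULL; p = q) {
		q = TAILQ_NEXT(p, cn_next_child);
		free(p);
	}
	return count;
}

int
main(void)
{
	/* The two files from the PR, constructed in the reverse of sorted order. */
	const char *names[] = { "example.10", "example.1" };
	char buf[128];

	if (sorted_order(names, 2, buf, sizeof buf) == 2)
		printf("sorted: %s\n", buf);
	return 0;
}
```

Note that strcmp() places "example.1" before "example.10" because the shorter string is a prefix of the longer one; the loop compares the raw names and does no numeric ordering, exactly as the page's listing does.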
>How-To-Repeat:
mkdir TEMP; touch TEMP/example.1 TEMP/example.10
makefs -t cd9660 foo.iso TEMP

<segfault>


>Fix:
None known yet; I managed to find the heart of the problem out of a 300M filesystem, but have not yet had time to learn the actual cause.  (TAILQ stuff is not my forte).  I will probably look into this eventually unless someone beats me to it.