NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kern/47676: Off-by-one error in reported CD capacity means last sector cannot be read

>Number:         47676
>Category:       kern
>Synopsis:       Off-by-one error in reported CD capacity means last sector 
>cannot be read
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 21 11:15:00 +0000 2013
>Originator:     Mark
>Release:        Any after 4.0
There is an off-by-one bug in NetBSD's CD capacity code.

For example, doing
  dd if=/dev/rcd0c of=my_cd_image.iso bs=2048
creates an image file which has the last sector missing. Also doing
  md5 /dev/rcd0c
to generate a checksum of a just-burned CD to compare with a published checksum 
will fail.

I have been testing various versions of NetBSD/amiga with the WinUAE Amiga 
emulator. In the course of that, I discovered this bug which appeared somewhere 
between NetBSD 3.1.1 and NetBSD 4.0.

The bug is in the read_cd_capacity() function in src/sys/dev/scsipi/cd.c
The bug first appeared in version 1.227. The corresponding function name in 
earlier versions was cd_size().
Compare line 1662 of version 1.226 with line 1643 of version 1.227:

1.226 line 1662:
       size = _4btol(data.addr) + 1;

1.227 line 1643:
       *size = _4btol(data.addr);

Insert a CD-ROM. Use dd to read it and notice the last sector is omitted from 
the image file. Do the same with NetBSD 3.1 (or another OS) and it works 
In the current version 1.310 of src/sys/dev/scsipi/cd.c the problem line is 
1821. Change that from
        *size    = _4btol(cap.addr);
        *size    = _4btol(cap.addr) + 1;

Home | Main Index | Thread Index | Old Index