bin/37656: fdisk segfault on invalid MBR entries on non-x86 geometry detection

To: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: bin/37656: fdisk segfault on invalid MBR entries on non-x86 geometry detection
From: eau%phear.org@localhost
Date: Tue, 1 Jan 2008 16:20:00 +0000 (UTC)

>Number:         37656
>Category:       bin
>Synopsis:       fdisk segfault on invalid MBR entries on non-x86 geometry 
>detection
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 01 16:20:00 +0000 2008
>Originator:     Eric Auge
>Release:        netbsd 4.0
>Organization:
>Environment:
NetBSD client 4.0_STABLE NetBSD 4.0_STABLE (GENERIC) #0: Fri Dec 28
13:23:05 CET 2007
root%bearcave.no.phear.org@localhost:/usr/obj/sys/arch/cobalt/compile/GENERIC 
cobalt
>Description:
On a cobalt, after few install tests, I got the following

# fdisk -S /dev/wd0
[1]   Trace/BPT trap          fdisk -S /dev/wd0

I was unable to partition the hard drive in order to have a correct 
partitioning scheme for installing my cobalt.

fdisk seems to make an almost correct sanity check on 
get_mapping function except in some cases where head returned in the MBR is 0 
on 2 consecutives mappings while these values are trusted to make division, 
fdisk crash with a divide by zero problem.

initial sanity check was the following line 1525 in fdisk.c:
[...]
    /* Sanity check the data against all zeroes */
    if ((*cylinder == 0) && (*sector == 0) && (*head == 0))
        return -1;
[...]
>How-To-Repeat:
have a fucked up MBR on your hardrive and try to install port-cobalt.
>Fix:
--- fdisk.c     2008-01-01 11:18:07.000000000 +0100
+++ fdisk-new.c 2008-01-01 11:18:46.000000000 +0100
@@ -1541,8 +1541,8 @@
                *absolute = le32toh(part->mbrp_start)
                    + le32toh(part->mbrp_size) - 1;
        }
-       /* Sanity check the data against all zeroes */
-       if ((*cylinder == 0) && (*sector == 0) && (*head == 0))
+       /* Sanity check the data against cyl/sec/head zeroes */
+       if ((*cylinder == 0) || (*sector == 0) || (*head == 0))
                return -1;
        /* Sanity check the data against max values */
        if ((((*cylinder * MAXHEAD) + *head) * MAXSECTOR + *sector) < *absolute)

>Unformatted:
 3:23:05 CET 2007 
root%bearcave.no.phear.org@localhost:/usr/obj/sys/arch/cobalt/compile/GENERIC 
cobalt

Prev by Date: Re: kern/34799: IP Filter does not work correctly with gem(4) when hardware chec
Next by Date: bin/37657: cal does not check validity of command line input for option -A and -B
Previous by Thread: Re: kern/34799: IP Filter does not work correctly with gem(4) when hardware chec
Next by Thread: Re: bin/37656: fdisk segfault on invalid MBR entries on non-x86 geometry detection
Indexes:

Home | Main Index | Thread Index | Old Index