Package: util-linux
Version: 2.25.2-5
Severity: normal

Dear Maintainer,

Let's start with the TL;DR version: if fdisk encounters a GPT header
with an incorrect size field, it tries to calculate the CRC32 over
whatever this size field is reporting, leading eventually to a segfault.


Longer version:
I'm creating my own hobby OS (including bootloader part; not using GRUB
or anything) and was moving from start execution at first byte of the HDD 
to having an actual partition table etc. Instead of using partx to
create the protective MBR and the GPT for my disk image, I decided I
wanted to learn what this GPT looks like and included creating the
MBR/GPT in the Makefile/linker script for the boot loader. I
misinterpreted the part where it said that the size field of the GPT
header is little endian and accidentally created a big endian version,
so my header is not 92 bytes, but a whole lot more. I then thought that
the quickest way to get the CRCs correct(ed) was to probably run fdisk
and let it calculate and fix my CRCs. To my surprise, however, it just
segfaulted without any error/warning.

I apt-getted the source, recompiled with debugging and found the
following:
Starting program: /local/svn/util-linux-2.25.2/.libs/fdisk -l /local/OS/HD_img 

Program received signal SIGSEGV, Segmentation fault.
0x000000000042fa22 in crc32 (seed=4294967295, buf=0x648180 "EFI PART", 
len=1543381375) at lib/crc32.c:112
112                     crc = crc32_tab[(crc ^ *p++) & 0xff] ^ (crc >> 8);
(gdb) bt
#0  0x000000000042fa22 in crc32 (seed=4294967295, buf=0x648180 "EFI PART", 
len=1543381375) at lib/crc32.c:112
#1  0x000000000042afb0 in count_crc32 (buf=0x648180 "EFI PART", len=1543503872) 
at libfdisk/src/gpt.c:676
#2  0x000000000042b08d in gpt_check_header_crc (header=0x648180, ents=0x0) at 
libfdisk/src/gpt.c:715
#3  0x000000000042b3d8 in gpt_read_header (cxt=0x645080, lba=1, _ents=0x645210) 
at libfdisk/src/gpt.c:830
#4  0x000000000042bf15 in gpt_probe_label (cxt=0x645080) at 
libfdisk/src/gpt.c:1186
#5  0x0000000000412c61 in fdisk_probe_labels (cxt=0x645080) at 
libfdisk/src/label.c:27
#6  0x0000000000414fb0 in fdisk_context_assign_device (cxt=0x645080, 
fname=0x7fffffffe42c "/local/OS/HD_img", readonly=1) at 
libfdisk/src/context.c:278
#7  0x0000000000405c6a in print_device_pt (cxt=0x645080, device=0x7fffffffe42c 
"/local/OS/HD_img", warnme=1) at disk-utils/fdisk.c:693
#8  0x0000000000406681 in main (argc=3, argv=0x7fffffffe0f8) at 
disk-utils/fdisk.c:935

I changed (wouldn't call it patched) the source to check that the
size field isn't bigger than sizeof(struct gpt_header), but that results
in fdisk thinking there is no GPT table, despite the fact that it
clearly has the "EFI PART" signature at the start, so I decided that my
change is probably not what we want either. What I think it should be
doing is: check for the signature; if there's none, there is no GPT. If
the signature is there, check the GPT header, warn if things like the
CRC are incorrect, and write the corrected version on exit (pretty much
like how it fixes the MBR size if that's incorrect; I made more mistakes
in my partition tables ;) ).


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.3 (SMP w/12 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages util-linux depends on:
ii  initscripts    2.88dsf-58
ii  libblkid1      2.25.2-5
ii  libc6          2.19-15
ii  libmount1      2.25.2-5
ii  libncurses5    5.9+20140913-1+b1
ii  libpam0g       1.1.8-3.1
ii  libselinux1    2.3-2
ii  libslang2      2.3.0-2
ii  libsmartcols1  2.25.2-5
ii  libtinfo5      5.9+20140913-1+b1
ii  libuuid1       2.25.2-5
ii  lsb-base       4.1+Debian13+nmu1
ii  tzdata         2015a-1
ii  zlib1g         1:1.2.8.dfsg-2+b1

util-linux recommends no packages.

Versions of packages util-linux suggests:
ii  dosfstools          3.0.27-1
ii  kbd                 1.15.5-2
pn  util-linux-locales  <none>

-- debconf information excluded
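As an added illustration of the ordering the report argues for (example code, not from util-linux or the reporter), the check below verifies the "EFI PART" signature, bounds the untrusted header_size field by the sector actually read, and only then runs the CRC32; a constructed header whose size field is 0x5C000000, the byte-swapped 92 from the backtrace, is reported as a bad size instead of driving the CRC loop off the end of the buffer. The CRC routine, the sample header builder and the 512-byte sector are assumptions of this example; the field offsets are those of the GPT header.

```c
#include <stdint.h>
#include <string.h>
#define GPT_SIGNATURE       "EFI PART"
#define GPT_HEADER_MIN_SIZE 92u   /* bytes covered by the defined header fields */
enum gpt_status { GPT_NONE, GPT_OK, GPT_BAD_SIZE, GPT_BAD_CRC };

/* Reflected CRC-32 (poly 0xEDB88320) as GPT uses it: seed 0xFFFFFFFF, invert at end. */
uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

static uint32_t le32_get(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void le32_put(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }

/* Signature first; then bound the untrusted header_size by the bytes actually read;
 * only then CRC header_size bytes, with the CRC field itself treated as zero. */
enum gpt_status gpt_check_header(const uint8_t *sector, size_t sector_size)
{
    static const uint8_t zero4[4];
    if (sector_size < GPT_HEADER_MIN_SIZE || memcmp(sector, GPT_SIGNATURE, 8) != 0)
        return GPT_NONE;
    uint32_t hdr_size = le32_get(sector + 12);
    if (hdr_size < GPT_HEADER_MIN_SIZE || hdr_size > sector_size)
        return GPT_BAD_SIZE;        /* 0x5C000000, the byte-swapped 92, stops here */
    uint32_t crc = crc32_update(0xFFFFFFFFu, sector, 16);
    crc = crc32_update(crc, zero4, 4);
    crc = ~crc32_update(crc, sector + 20, hdr_size - 20);
    return crc == le32_get(sector + 16) ? GPT_OK : GPT_BAD_CRC;
}

/* Constructed sample: an otherwise empty header sector with a chosen size field.
 * With fix_crc set (and a sane size), the header CRC is computed and stored. */
static uint8_t demo_sector[512];
enum gpt_status check_sample(uint32_t size_field, int fix_crc)
{
    memset(demo_sector, 0, sizeof demo_sector);
    memcpy(demo_sector, GPT_SIGNATURE, 8);
    le32_put(demo_sector + 8, 0x00010000u);                /* revision 1.0 */
    le32_put(demo_sector + 12, size_field);
    if (fix_crc && size_field <= sizeof demo_sector)       /* CRC field is still zero */
        le32_put(demo_sector + 16, ~crc32_update(0xFFFFFFFFu, demo_sector, size_field));
    return gpt_check_header(demo_sector, sizeof demo_sector);
}
```

check_sample(0x5C000000u, 0) returns GPT_BAD_SIZE, while check_sample(92, 1) builds a header with a correct CRC and returns GPT_OK.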

