tags 487298 +pending
thanks

On Fri, Jun 20, 2008 at 04:44:28PM -0400, Ariel wrote:
> 
> I haven't figured out what pattern of -t tests is needed to trigger it.
> Adding or removing one might make it stop crashing, and changing a
> random to a fixed number also changes it.

Creating more than 8 -t tests will trigger the problem, due to a
rather embarrassing bug.  It's rare that anyone wants that many test
patterns (I'm guessing you're trying to scrub a disk before discarding
it, probably to some DOD specification or some such?), so it hasn't
been noticed until now.

In any case, the following patch has been checked into my source tree
to fix the problem.  Probably the best workaround if you aren't
interested in recompiling e2fsprogs, and if you really need to do this
level of paranoid scrubbing, is to use a separate badblocks invocation
for each set of 8 test patterns.

Regards,

                                        - Ted

From 26575946739f78c789641c8c7d54a5d6815a92b3 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <[EMAIL PROTECTED]>
Date: Sun, 6 Jul 2008 18:50:44 -0400
Subject: [PATCH] badblocks: Fix crash when lots of -t patterns given

With more than 8 -t patterns given, badblocks will overwrite the
t_patts array boundary due to realloc not taking into account the size
of an int.  (Dons paper bag.)

Addresses-Debian-Bug: 487298

Signed-off-by: "Theodore Ts'o" <[EMAIL PROTECTED]>
---
 misc/badblocks.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/misc/badblocks.c b/misc/badblocks.c
index 866144e..df74db4 100644
--- a/misc/badblocks.c
+++ b/misc/badblocks.c
@@ -995,7 +995,8 @@ int main (int argc, char ** argv)
                        if (t_flag + 1 > t_max) {
                                unsigned int *t_patts_new;
 
-                               t_patts_new = realloc(t_patts, t_max + T_INC);
+                               t_patts_new = realloc(t_patts, sizeof(int) * 
+                                                     (t_max + T_INC));
                                if (!t_patts_new) {
                                        com_err(program_name, ENOMEM,
                                                _("can't allocate memory for "
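Review bot: on the added realloc line the element size is spelled sizeof(int), while the array is declared as unsigned int *t_patts_new two lines above; the two sizes are equal, but sizeof(*t_patts_new) would keep the byte count tied to the pointer's type if that type ever changes. The first + line also ends in a trailing space after the "*". The hunk does not show where t_max is increased, so it is worth confirming that it still advances by T_INC elements to match the new byte count.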
-- 
1.5.6.1.205.ge2c7.dirty
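
The sizing mistake described in the commit message, as an added example that is not part of the original mail or of e2fsprogs: it compares the byte counts requested before and after the patch and shows a growth helper that sizes from the element type and checks for overflow. The value T_INC = 8 is an assumption (the page shows only the name), and patts_grow and store_patterns are hypothetical helpers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define T_INC 8 /* assumed growth step; the page shows only the name */
/* Bytes requested before the patch: an element count used as a byte count. */
static size_t bytes_before(size_t t_max) { return t_max + T_INC; }
/* Bytes requested after the patch. */
static size_t bytes_after(size_t t_max) { return sizeof(int) * (t_max + T_INC); }
/* Whole unsigned int slots that fit in a request of `bytes` bytes. */
static size_t slots_in(size_t bytes) { return bytes / sizeof(unsigned int); }

/* Hypothetical hardened helper: sizes from the element type, rejects size_t
 * overflow, and leaves array and capacity untouched on failure. 0 = success. */
static int patts_grow(unsigned int **patts, size_t *cap)
{
    size_t new_cap = *cap + T_INC;
    unsigned int *p;
    if (new_cap < *cap || new_cap > SIZE_MAX / sizeof(**patts))
        return -1;
    p = realloc(*patts, new_cap * sizeof(**patts));
    if (!p)
        return -1;
    *patts = p;
    *cap = new_cap;
    return 0;
}

/* Store n constructed patterns; returns the final capacity, or 0 on error. */
static size_t store_patterns(size_t n)
{
    unsigned int *patts = NULL;
    size_t cap = 0, used = 0;
    for (; used < n; used++) {
        if (used + 1 > cap && patts_grow(&patts, &cap) != 0) {
            free(patts);
            return 0;
        }
        patts[used] = (unsigned int)used;
    }
    free(patts);
    return cap;
}

int main(void)
{
    printf("t_max=0: %zu vs %zu slots; capacity for 9 patterns: %zu\n",
           slots_in(bytes_before(0)), slots_in(bytes_after(0)), store_patterns(9));
    return 0;
}
```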
