FS#35734 - [dosfstools] mkfs.vfat from 3.0.18 crashes

Attached to Project: Arch Linux
Opened by Gaetan Bisson (vesath) - Sunday, 09 June 2013, 11:50 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 10 June 2013, 09:31 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture x86_64
Severity Critical
Priority Urgent
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Trying to partition a loopback file as VFAT using:

$ head -c 100M /dev/zero > rofl
$ mkfs.vfat rofl

Yields the following error:

mkfs.vfat 3.0.18 (06 Jun 2013)
*** buffer overflow detected ***: mkfs.vfat terminated
======= Backtrace: =========
/usr/lib/libc.so.6(__fortify_fail+0x37)[0x7f2f12d9be67]
/usr/lib/libc.so.6(+0xf9070)[0x7f2f12d9a070]
mkfs.vfat[0x402630]
/usr/lib/libc.so.6(__libc_start_main+0xf5)[0x7f2f12cc2a15]
mkfs.vfat[0x403a81]
======= Memory map: ========
00400000-00406000 r-xp 00000000 08:02 10144 /usr/bin/mkfs.fat
00605000-00606000 r--p 00005000 08:02 10144 /usr/bin/mkfs.fat
00606000-00607000 rw-p 00006000 08:02 10144 /usr/bin/mkfs.fat
00607000-0060b000 rw-p 00000000 00:00 0
0107e000-0109f000 rw-p 00000000 00:00 0 [heap]
7f2f12a8b000-7f2f12aa0000 r-xp 00000000 08:02 10300 /usr/lib/libgcc_s.so.1
7f2f12aa0000-7f2f12ca0000 ---p 00015000 08:02 10300 /usr/lib/libgcc_s.so.1
7f2f12ca0000-7f2f12ca1000 rw-p 00015000 08:02 10300 /usr/lib/libgcc_s.so.1
7f2f12ca1000-7f2f12e44000 r-xp 00000000 08:02 10084 /usr/lib/libc-2.17.so
7f2f12e44000-7f2f13044000 ---p 001a3000 08:02 10084 /usr/lib/libc-2.17.so
7f2f13044000-7f2f13048000 r--p 001a3000 08:02 10084 /usr/lib/libc-2.17.so
7f2f13048000-7f2f1304a000 rw-p 001a7000 08:02 10084 /usr/lib/libc-2.17.so
7f2f1304a000-7f2f1304e000 rw-p 00000000 00:00 0
7f2f1304e000-7f2f1306f000 r-xp 00000000 08:02 10120 /usr/lib/ld-2.17.so
7f2f1324b000-7f2f1324e000 rw-p 00000000 00:00 0
7f2f1326d000-7f2f1326f000 rw-p 00000000 00:00 0
7f2f1326f000-7f2f13270000 r--p 00021000 08:02 10120 /usr/lib/ld-2.17.so
7f2f13270000-7f2f13271000 rw-p 00022000 08:02 10120 /usr/lib/ld-2.17.so
7f2f13271000-7f2f13272000 rw-p 00000000 00:00 0
7fff3d0d1000-7fff3d0f2000 rw-p 00000000 00:00 0 [stack]
7fff3d1fe000-7fff3d200000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)

Downgrading to 3.0.17 fixes this issue.

Closed by  Tobias Powalowski (tpowa)
Monday, 10 June 2013, 09:31 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.0.18-2
Comment by Tobias Powalowski (tpowa) - Sunday, 09 June 2013, 11:56 GMT
already mailed the maintainer, waiting on response.
Comment by Dave Reisner (falconindy) - Sunday, 09 June 2013, 16:32 GMT
It's a rather amateur buffer overflow caused by using strcpy on a fixed size buffer.

The attached patch solves it.
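
The pattern falconindy describes, strcpy into a fixed-size buffer, next to a bounded replacement, as an added example that is not part of this bug report, the attached patch, or the dosfstools source. The struct, its field names, LABEL_LEN and both functions are hypothetical; the 11-byte field is modeled on a FAT volume label, but the report does not say which buffer in mkfs.vfat overflowed. The __fortify_fail frame in the backtrace above is glibc's FORTIFY abort path: when a binary is built with -O2 -D_FORTIFY_SOURCE=2 and the destination size is known at compile time, strcpy becomes __strcpy_chk, which checks the length at runtime and aborts with "*** buffer overflow detected ***" rather than letting the write run past the array. The example reproduces that check on request and shows what a bounded copy looks like.

```c
/* Added example (not from dosfstools or the attached patch): the strcpy-into-fixed-buffer
 * pattern and a bounded replacement. Names and sizes are hypothetical. */
#include <stdio.h>
#include <string.h>

#define LABEL_LEN 11   /* hypothetical fixed field; FAT volume labels are 11 bytes */

struct header {
    char label[LABEL_LEN + 1];   /* fixed-size buffer, NUL-terminated */
    unsigned int sectors;        /* neighbour that an overrun of label[] clobbers */
};

/* Vulnerable pattern: no bound on src. With -O2 -D_FORTIFY_SOURCE=2 the compiler knows
 * sizeof(h->label) and emits __strcpy_chk, which aborts with
 * "*** buffer overflow detected ***" instead of writing past label[]. Without FORTIFY
 * the excess bytes land in h->sectors and beyond. */
static void set_label_unsafe(struct header *h, const char *src)
{
    strcpy(h->label, src);
}

/* Bounded replacement: measure first, reject what does not fit, always NUL-terminate.
 * Returns 0 on success, -1 if src is longer than LABEL_LEN (h is left untouched). */
static int set_label_checked(struct header *h, const char *src)
{
    size_t n = strlen(src);
    if (n > LABEL_LEN)
        return -1;
    memcpy(h->label, src, n);
    h->label[n] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    struct header h = { "", 204800 };                       /* constructed sample header */
    const char *label = argc > 1 ? argv[1] : "ARCH_LINUX";  /* constructed input */

    if (set_label_checked(&h, label) != 0)
        fprintf(stderr, "label '%s' rejected: longer than %d bytes\n", label, LABEL_LEN);
    else
        printf("label='%s' sectors=%u\n", h.label, h.sectors);

    /* Only on explicit request: reproduce the crash class from the report. Build with
     *   gcc -O2 -D_FORTIFY_SOURCE=2 example.c -o example
     *   ./example AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA unsafe
     * and glibc aborts the same way mkfs.vfat did above. */
    if (argc > 2 && strcmp(argv[2], "unsafe") == 0) {
        set_label_unsafe(&h, label);
        printf("unsafe copy survived: sectors is now %u\n", h.sectors);
    }
    return 0;
}
```

The checked version measures before it copies and refuses oversized input instead of truncating silently; truncation would be a valid choice for a label, but it should then be explicit (and documented), not a side effect of a size-limited copy that may leave the buffer without a terminator.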