FS#79120 - [ext4magic] free(): invalid pointer
Attached to Project: Arch Linux
Opened by Cebtenzzre (cebtenzzre) - Sunday, 16 July 2023, 16:54 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:22 GMT
Details
Description:
When I was helping a friend use ext4magic, it crashed with SIGABRT because a non-malloc()ed address was passed to free.

Additional info:
* package version(s): 0.3.2-4

ASAN report:

==1535==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7ff6f6131794 in thread T0
    #0 0x7ff6f86f6dc2 in __interceptor_free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x7ff6f852dcc0 in ext2fs_free_mem (/usr/lib/libext2fs.so.2+0x2ccc0) (BuildId: 53d2cdd8626816ff908b663e489ddd3708b64b54)
    #2 0x557d7f3fd718 in local_ext2fs_extent_free /usr/src/debug/ext4magic/ext4magic-0.3.2/src/block.c:100
    #3 0x557d7f4023d9 in local_block_iterate3 /usr/src/debug/ext4magic/ext4magic-0.3.2/src/block.c:703
    #4 0x557d7f480e65 in check_file_recover /usr/src/debug/ext4magic/ext4magic-0.3.2/src/recover.c:600
    #5 0x557d7f46cc91 in lookup_local /usr/src/debug/ext4magic/ext4magic-0.3.2/src/lookup_local.c:641
    #6 0x557d7f46cac0 in lookup_local /usr/src/debug/ext4magic/ext4magic-0.3.2/src/lookup_local.c:626
    #7 0x557d7f46cac0 in lookup_local /usr/src/debug/ext4magic/ext4magic-0.3.2/src/lookup_local.c:626
    #8 0x557d7f46cac0 in lookup_local /usr/src/debug/ext4magic/ext4magic-0.3.2/src/lookup_local.c:626
    #9 0x557d7f46cac0 in lookup_local /usr/src/debug/ext4magic/ext4magic-0.3.2/src/lookup_local.c:626
    #10 0x557d7f46cac0 in lookup_local /usr/src/debug/ext4magic/ext4magic-0.3.2/src/lookup_local.c:626
    #11 0x557d7f46cac0 in lookup_local /usr/src/debug/ext4magic/ext4magic-0.3.2/src/lookup_local.c:626
    #12 0x557d7f408cf2 in main /usr/src/debug/ext4magic/ext4magic-0.3.2/src/ext4magic.c:1096
    #13 0x7ff6f831584f (/usr/lib/libc.so.6+0x2384f) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e)
    #14 0x7ff6f8315909 in __libc_start_main (/usr/lib/libc.so.6+0x23909) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e)
    #15 0x557d7f3fd494 in _start (/usr/bin/ext4magic+0x11494) (BuildId: 0bfaf5e9786079b8b1a9382d9fd602aa2773f700)

Address 0x7ff6f6131794 is located in stack of thread T0 at offset 404 in frame
    #0 0x557d7f4010fa in local_block_iterate3 /usr/src/debug/ext4magic/ext4magic-0.3.2/src/block.c:549

  This frame has 7 object(s):
    [48, 56) 'blk64' (line 556)
    [80, 88) 'handle' (line 609)
    [112, 120) 'blk' (line 612)
    [144, 152) 'new_blk' (line 612)
    [176, 200) 'extent' (line 610)
    [240, 312) 'ctx' (line 554)
    [352, 480) 'inode' (line 539) <== Memory access at offset 404 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: bad-free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52 in __interceptor_free
==1535==ABORTING

This appears to be a mismatch between ext2fs_extent_open2 and local_ext2fs_extent_free. Changing it to ext2fs_extent_free fixed the problem for me.
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:22 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/packaging/packages/ext4magic/issues/1
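A small triage helper for the stack-frame section of the ASAN report in this task, added here as an example (it is not part of the original report or of ext4magic): it maps the reported frame offset to the local variable that contains it. The function name `triage_stack_address` is hypothetical, and the embedded text is an excerpt of the report above.

```python
import re

# Excerpt of the ASAN report in this task (stack-frame section only).
REPORT = """\
Address 0x7ff6f6131794 is located in stack of thread T0 at offset 404 in frame
    #0 0x557d7f4010fa in local_block_iterate3 /usr/src/debug/ext4magic/ext4magic-0.3.2/src/block.c:549
  This frame has 7 object(s):
    [48, 56) 'blk64' (line 556)
    [80, 88) 'handle' (line 609)
    [112, 120) 'blk' (line 612)
    [144, 152) 'new_blk' (line 612)
    [176, 200) 'extent' (line 610)
    [240, 312) 'ctx' (line 554)
    [352, 480) 'inode' (line 539) <== Memory access at offset 404 is inside this variable
SUMMARY: AddressSanitizer: bad-free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52 in __interceptor_free
"""

ADDR_RE = re.compile(r"Address (0x[0-9a-f]+) is located in stack of thread \S+ "
                     r"at offset (\d+) in frame")
FRAME_RE = re.compile(r"#0 0x[0-9a-f]+ in (\S+) (\S+)")
OBJ_RE = re.compile(r"\[(\d+), (\d+)\) '([^']+)' \(line (\d+)\)")
KIND_RE = re.compile(r"SUMMARY: AddressSanitizer: (\S+)")


def triage_stack_address(report):
    """Map the faulting stack address to the local that holds it, or None."""
    m = ADDR_RE.search(report)
    if m is None:
        return None  # the report does not describe a stack address
    tail = report[m.end():]
    offset = int(m.group(2))
    frame = FRAME_RE.search(tail)
    kind = KIND_RE.search(report)
    result = {"kind": kind.group(1) if kind else None,
              "address": m.group(1), "frame_offset": offset,
              "function": frame.group(1) if frame else None,
              "variable": None}
    # Objects are half-open [lo, hi) byte ranges; the gaps are ASAN redzones.
    for lo, hi, name, line in OBJ_RE.findall(tail):
        if int(lo) <= offset < int(hi):
            result.update(variable=name, declared_line=int(line),
                          size=int(hi) - int(lo),
                          offset_in_variable=offset - int(lo))
            break
    return result


if __name__ == "__main__":
    print(triage_stack_address(REPORT))
```

For this report the helper reports a `bad-free` on an address 52 bytes into the 128-byte local `inode` of `local_block_iterate3`, that is, `free()` received a pointer into the middle of a stack variable rather than a heap block.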
Last release is not a good indicator. There is at least some activity up there to be seen. Arch PMs are reluctant to apply patches that haven't been sent upstream... so it's in your interest to do so anyway.
The project owner has been inactive on SourceForge for six years, so I don't expect it to be resolved.
But at least now it's documented somewhere besides the Debian and Arch bug trackers.