Package: udftools
Version: 1.0.0b3-14.2
Severity: normal

mkudffs is broken for specially crafted files:

$ s=$(mktemp)
$ truncate -s 3TiB $s
$ dd bs=512 count=64 </dev/zero | tr '\0' '\377' >$s
64+0 records in
64+0 records out
32768 bytes (33 kB) copied, 0.000170991 s, 192 MB/s
$ mkudffs --media-type=hd --blocksize=512 $s
Segmentation fault (core dumped)
$ .... (build debugging package)
$ gdb debian/udftools/usr/bin/mkudffs ~/core
Reading symbols from /tmp/tmp.zAW1MYasi5/udftools-1.0.0b3/debian/udftools/usr/bin/mkudffs...done.
[New LWP 6225]

warning: Can't read pathname for load map: Input/output error.
Core was generated by `/tmp/tmp.zAW1MYasi5/udftools-1.0.0b3/debian/udftools/usr/bin/mkudffs --media-ty'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000040648f in next_extent_size (start_ext=0x0, type=USPACE, blocks=16, offset=1) at extent.c:53
53      if (start_ext->start % offset)
(gdb) p start_ext
$1 = (struct udf_extent *) 0x0
(gdb) p start_ext->start
Cannot access memory at address 0x4
(gdb) i f
Stack level 0, frame at 0x7fff34bc16a0:
 rip = 0x40648f in next_extent_size (extent.c:53); saved rip 0x402580
 called by frame at 0x7fff34bc1730
 source language c.
 Arglist at 0x7fff34bc1690, args: start_ext=0x0, type=USPACE, blocks=16, offset=1
 Locals at 0x7fff34bc1690, Previous frame's sp is 0x7fff34bc16a0
 Saved registers:
  rbp at 0x7fff34bc1690, rip at 0x7fff34bc1698
(gdb) bt
#0  0x000000000040648f in next_extent_size (start_ext=0x0, type=USPACE, blocks=16, offset=1) at extent.c:53
#1  0x0000000000402580 in split_space (disc=0x7fff34bc1850) at mkudffs.c:209
#2  0x000000000040140b in main (argc=4, argv=0x7fff34bc1a98) at main.c:173
(gdb)

Note: The "dd | tr >$s" line truncates the file to ~33kB.

There seems to be a relation to:

$ dd bs=512 count=64 </dev/zero >$s
64+0 records in
64+0 records out
32768 bytes (33 kB) copied, 0.000216984 s, 151 MB/s
$ /tmp/tmp.zAW1MYasi5/udftools-1.0.0b3/debian/udftools/usr/bin/mkudffs --media-type=hd --blocksize=512 $s
Segmentation fault (core dumped)
$ dd bs=512 count=63 </dev/zero >$s
63+0 records in
63+0 records out
32256 bytes (32 kB) copied, 0.000215543 s, 150 MB/s
$ /tmp/tmp.zAW1MYasi5/udftools-1.0.0b3/debian/udftools/usr/bin/mkudffs --media-type=hd --blocksize=512 $s
trying to change type of multiple extents
$ dd bs=512 count=65 </dev/zero >$s
65+0 records in
65+0 records out
33280 bytes (33 kB) copied, 0.000224204 s, 148 MB/s
$ /tmp/tmp.zAW1MYasi5/udftools-1.0.0b3/debian/udftools/usr/bin/mkudffs --media-type=hd --blocksize=512 $s
trying to change type of multiple extents
$

So it's probably only broken for files with multiples of $blocksize size.

I was just playing around and didn't actually want to break something...

Cheers,
Julius

-- System Information:
Debian Release: 7.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages udftools depends on:
ii  libc6         2.13-38
ii  libreadline6  6.2+dfsg-0.1

Versions of packages udftools recommends:
ii  udev  175-7.2

Versions of packages udftools suggests:
pn  dvd+rw-tools  <none>
pn  pmount        <none>

-- no debconf information
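
A size sweep for triaging the crash reported above, added here as an example and not part of the original report or of udftools: it builds zero-filled images of FIRST to LAST blocks the same way the report does and records how the given command exits for each size. The function name sweep_sizes is hypothetical; the mkudffs options in the usage comment are the ones from the report.

```sh
#!/bin/sh
# Added example (not from the report): run a formatter command over a range
# of image sizes and classify each exit status, so crash sizes stand out.
#
# Usage: sweep_sizes FIRST LAST BLOCKSIZE COMMAND [ARGS...]
#   e.g. sweep_sizes 60 68 512 mkudffs --media-type=hd --blocksize=512
# The temporary image path is appended as the last argument of COMMAND.
sweep_sizes() {
    first=$1 last=$2 bs=$3
    shift 3
    img=$(mktemp) || return 1
    n=$first
    while [ "$n" -le "$last" ]; do
        # Same preparation as in the report: N zeroed blocks of BLOCKSIZE.
        # dd truncates the output file, so every pass starts from scratch.
        dd if=/dev/zero of="$img" bs="$bs" count="$n" 2>/dev/null
        rc=0
        "$@" "$img" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -gt 128 ]; then
            # Shell convention: status 128+N means killed by signal N,
            # so 139 is signal 11 (SIGSEGV) as seen in the core dump.
            verdict="killed-by-signal-$((rc - 128))"
        elif [ "$rc" -eq 0 ]; then
            verdict="ok"
        else
            # Clean refusal, like "trying to change type of multiple extents".
            verdict="error-exit-$rc"
        fi
        printf '%s blocks (%s bytes): %s\n' "$n" "$((n * bs))" "$verdict"
        n=$((n + 1))
    done
    rm -f "$img"
}
```

Any size reported as killed-by-signal is a candidate regression test case once next_extent_size is fixed to handle a NULL start_ext.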