Package: lshw
Version: 02.17-1
Followup-For: Bug #757689

Dear Maintainer,

It turns out that on my amd64 box, lshw segfaults too. I tracked it down to a stack corruption
which happens only while lshw is built with optimisations (at least -O2).

And a patch is already in lshw-development upstream. I attach this upstream commit (revision 2528).

In src/core/fat.cc scan_fat, the call to readlogicalblocks passes a struct vfat_super_block which currently can be
smaller than 512 bytes. The issue is that readlogicalblocks (in src/core/blockio.cc) memsets this pointer
to zero a whole block at a time (here 512 bytes), thus overflowing the buffer.
The stack is shown corrupted from there on (in gdb it gives:

#0  scan_fat (n=..., id=...) at fat.cc:156
#1  0xc2fef1f766184eb7 in ?? ()
#2  0xeac166d08b66ca8a in ?? ()
#3  0x568ad6861a76f710 in ?? ()
#4  0xcc0a06e4c0e88a40 in ?? ()
#5  0x0f616613cd0201b8 in ?? ()
#6  0x660200c381ff7482 in ?? ()
#7  0x4f4f42c394754940 in ?? ()
#8  0x2020202052474d54 in ?? ()
#9  0x0000000000000000 in ?? ()


The 512 bytes of extra padding added to struct vfat_super_block fixes the overflow.

Best regards,
Alban Browaeys


System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lshw depends on:
ii  libc6       2.19-11
ii  libgcc1     1:4.9.1-14
ii  libstdc++6  4.9.1-14

Versions of packages lshw recommends:
ii  pciutils  1:3.2.1-3
ii  usbutils  1:007-2

lshw suggests no packages.

-- no debconf information
Import buffer overflow fix from lshw-development: svn commit 2528.
Index: src/core/fat.cc
===================================================================
--- a/src/core/fat.cc	(révision 2527)
+++ b/src/core/fat.cc	(révision 2528)
@@ -81,6 +81,7 @@
 			uint8_t dummy2[164];
 			uint8_t pmagic[2];
 		} __attribute__((__packed__)) fat32;
+		char sector[512];	// to make sure the whole struct is at least 512 bytes long
 	} __attribute__((__packed__)) type;
 } __attribute__((__packed__));
 
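Review bot: the added `char sector[512]` union member only guarantees the struct's size; readlogicalblocks() (src/core/blockio.cc, per the report) still receives a bare pointer and zeroes "a whole block" without knowing the destination's capacity, so the invariant lives entirely in this comment. Consider also having readlogicalblocks take the buffer size and refuse a block count that would exceed it, and extend the comment to say why 512 is the right figure here (the block size scan_fat reads), since a larger block size would reintroduce the same overrun.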

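The overflow mechanism the report describes, reproduced as an added example that is not lshw's own code: a packed on-disk struct shorter than one block is handed to a block reader that zero-fills a full block, and the fix is to make the struct at least a block long. The struct names (`small_super`, `padded_super`), the stand-in reader `read_blocks_checked` and its size-checking contract are assumptions for illustration, not lshw's readlogicalblocks(); the example goes one step past the upstream patch by also rejecting an undersized destination at the reader, so a too-small struct becomes a detectable error instead of silent stack corruption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCKSIZE 512

/* Hypothetical on-disk header, modelled on the shape of a packed super block:
 * without padding it is far shorter than one 512-byte block (113 bytes). */
struct __attribute__((__packed__)) small_super {
    uint8_t  jump[3];
    char     oem[8];
    uint16_t bytes_per_sector;
    uint8_t  dummy[100];
};

/* Same trick as the upstream fix: a union member of one block forces
 * sizeof(struct padded_super) >= BLOCKSIZE, whatever the real fields add up to. */
struct __attribute__((__packed__)) padded_super {
    union {
        struct small_super s;
        char sector[BLOCKSIZE];
    } type;
};

/* Compile-time guard for the invariant the patch relies on. */
_Static_assert(sizeof(struct padded_super) >= BLOCKSIZE,
               "super block struct shorter than one block");

/* Constructed stand-in for a block reader: instead of reading a device it
 * zero-fills count blocks, exactly the write that overflowed in the report.
 * Unlike a reader that takes only a pointer, it is told the destination's
 * capacity and returns false (writing nothing) if the request would not fit. */
static bool read_blocks_checked(void *buf, size_t bufsize,
                                size_t blocksize, size_t count)
{
    if (buf == NULL || blocksize == 0 || count == 0)
        return false;
    if (count > SIZE_MAX / blocksize)          /* blocksize * count would wrap */
        return false;
    size_t need = blocksize * count;
    if (need > bufsize)                        /* would overrun the caller's buffer */
        return false;
    memset(buf, 0, need);
    return true;
}

/* 1 if a one-block read into the unpadded struct is (correctly) refused. */
int small_struct_rejected(void)
{
    struct small_super s;
    return read_blocks_checked(&s, sizeof s, BLOCKSIZE, 1) ? 0 : 1;
}

/* 1 if a one-block read into the padded struct is accepted. */
int padded_struct_accepted(void)
{
    struct padded_super p;
    return read_blocks_checked(&p, sizeof p, BLOCKSIZE, 1) ? 1 : 0;
}

size_t small_size(void)  { return sizeof(struct small_super); }
size_t padded_size(void) { return sizeof(struct padded_super); }

int main(void)
{
    printf("small_super:  %zu bytes, read refused:  %d\n",
           small_size(), small_struct_rejected());
    printf("padded_super: %zu bytes, read accepted: %d\n",
           padded_size(), padded_struct_accepted());
    return 0;
}
```

The `_Static_assert` catches the mismatch at build time regardless of optimisation level, which matters here because the report notes the corruption only surfaced with -O2: at -O0 the extra stack slack can hide a 400-byte overrun that -O2 exposes.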