Package: ext4magic
Version: 0.3.2-12
Severity: normal

Dear Maintainers,

Action: Running ext4magic with -m and -a options on a specific unmounted
partition.
Result: A segmentation fault in the ext4-magic-scan phase.
Expected result: Normal operation, and, if possible, file undeletion, without
any crash.

Please find a backtrace and further information below.

Thank you,
Paul






--- (gdb) bt
#0  __strncpy_sse2_unaligned ()
    at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:298
#1  0x00005555555726d9 in strncpy (__len=60, __src=<optimized out>,
    __dest=0x5555555b9ea0 "")
    at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106
#2  magic_check_block (buf=buf@entry=0x5555555c0560 "\377\376",
    cookie=cookie@entry=0x555555596710,
    cookie_f=cookie_f@entry=0x5555555b8b20,
    magic_buf=magic_buf@entry=0x5555555b9ea0 "", size=size@entry=4096,
    blk=<optimized out>, deep=0) at magic_block_scan.c:552
#3  0x0000555555575120 in magic_block_scan4 (
    des_dir=0x7fffffffe4cd "RECOVERDIR", t_after=<optimized out>)
    at magic_block_scan.c:1706
#4  0x000055555555959e in main (argc=<optimized out>, argv=<optimized out>)
    at ext4magic.c:1112





--- Further Information I could find myself:

The crash is reproducible, but I did not test other ext3/ext4 partitions.

It does not happen without the "-a" option, but still for all tested t_after
much later than the last read-write mount and deletion.

- Line 552 of magic_block_scan.c reads:
  strncpy(magic_buf, magic_buffer(cookie , buf , size),60);
- The source of the strncpy, i.e. magic_buffer(cookie , buf , size), is a
pointer to Null. Checked with a build with the "-O0" compilation switch.
- The manpage of libmagic states "magic_buffer(), magic_getpath(), and
magic_file(), functions return a string on success and NULL on failure."
- Dumping the content of "buf" until "buf+size" to a file and running the file
command on it outputs "Unicode text, UTF-32, little-endian". However "iconv -f
UTF-32 -t UTF-8" fails for this file. The data starts with 0xFFFE0000, but does
not look like text to me otherwise.
- The content of buf is the same for each crashing run.



-- System Information:
Debian Release: 10.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-13-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ext4magic depends on:
ii  libblkid1   2.33.1-0.1
ii  libbz2-1.0  1.0.6-9.2~deb10u1
ii  libc6       2.28-10
ii  libext2fs2  1.44.5-1+deb10u3
ii  libmagic1   1:5.35-4+deb10u1
ii  libuuid1    2.33.1-0.1
ii  zlib1g      1:1.2.11.dfsg-1

ext4magic recommends no packages.

ext4magic suggests no packages.
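
The report traces the crash to a NULL return from magic_buffer() being passed straight to strncpy(). The following is an added example, not ext4magic's code and not a patch from its maintainers, showing a NULL-safe copy that also always terminates the destination; `copy_magic_desc`, `stub_magic_buffer` and the result codes are hypothetical names, and the stub stands in for libmagic so the block builds without it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 60 is the strncpy length in the report; used here as buffer size (assumption). */
#define MAGIC_DESC_LEN 60

/* Result codes for copy_magic_desc() (hypothetical helper, not ext4magic code). */
enum { DESC_OK = 0, DESC_TRUNCATED = 1, DESC_FAILED = -1 };

/* Copy desc (magic_buffer()'s return value, NULL on failure) into dst.
 * dst holds dstlen bytes and is NUL-terminated on return when dstlen > 0. */
static int copy_magic_desc(char *dst, size_t dstlen, const char *desc)
{
    size_t n;
    if (dst == NULL || dstlen == 0)
        return DESC_FAILED;
    if (desc == NULL) {          /* libmagic failed: never dereference desc */
        dst[0] = '\0';
        return DESC_FAILED;
    }
    n = strlen(desc);
    if (n >= dstlen) {           /* keep room for the terminator */
        memcpy(dst, desc, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return DESC_TRUNCATED;
    }
    memcpy(dst, desc, n + 1);    /* copies the terminator too */
    return DESC_OK;
}

/* Stand-in for magic_buffer(): fails on the block prefix seen in the report. */
static const char *stub_magic_buffer(const unsigned char *buf, size_t size)
{
    static const unsigned char bad[4] = { 0xFF, 0xFE, 0x00, 0x00 };
    if (size >= 4 && memcmp(buf, bad, 4) == 0)
        return NULL;             /* simulated libmagic failure */
    return "ASCII text";
}

int main(void)
{
    unsigned char blk[4096] = { 0xFF, 0xFE, 0x00, 0x00 };  /* constructed block */
    char magic_buf[MAGIC_DESC_LEN];
    int rc = copy_magic_desc(magic_buf, sizeof magic_buf, stub_magic_buffer(blk, sizeof blk));
    printf("rc=%d desc=\"%s\"\n", rc, magic_buf);
    return rc == DESC_FAILED ? 0 : 1;
}
```

With the real library the call would read `copy_magic_desc(magic_buf, 60, magic_buffer(cookie, buf, size))`, and on `DESC_FAILED` the caller can skip the block or log `magic_error(cookie)`.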
