Package: reiser4progs
Version: 1.0.7-6
Severity: critical
Justification: causes serious data loss


I found two bugs in fsck.reiserfs that affect filesystems larger than 16 TiB.
The first is an explicit cast of a 64-bit block counter to 32 bits, which causes
it to not work correctly on such large filesystems. The second is that the code
that prints the progress bar can go into an infinite loop (which was triggered
by the bug I reported earlier against libaal-dev), because it
uses "while(width--) {...}", but width can start out negative. I've
marked this bug critical as the first bug could cause an incorrect repair of
the filesystem, and the second will prevent fsck.reiserfs from running at all.

I have attached a patch which fixes the first issue, and removes the progress
bar completely.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages reiser4progs depends on:
ii  libc6                         2.13-8     Embedded GNU C Library: Shared lib
ii  libncurses5                   5.9-1      shared libraries for terminal hand
ii  libreadline6                  6.2-2      GNU readline and history libraries
ii  libuuid1                      2.19.1-2   Universally Unique ID library

reiser4progs recommends no packages.

reiser4progs suggests no packages.

-- no debconf information
--- reiser4progs-1.0.7.orig/libmisc/gauge.c
+++ reiser4progs-1.0.7/libmisc/gauge.c
@@ -95,31 +95,8 @@
 		gauge->value_func(gauge);
 	
 	if (gauge->value != -1) {
-		uint32_t width, count;
-		
-		width = misc_screen_width();
-		if (width < 10)
-			goto done;
-		
-		width -= 10;
-		
-		if (width > 50)
-			width = 50;
-		
-		fprintf(stderr, "[");
-		count = width * gauge->value / 100;
-		width -=  count;
-		while (count--) {
-			fprintf(stderr, "=");
-		}
-		
 		misc_gauge_blit();
-		
-		while(width--) {
-			fprintf(stderr, " ");
-		}
-		
-		fprintf(stderr, "] %lld%%", gauge->value);
+		fprintf(stderr, " %lld%%", gauge->value);
 	} else {
 		misc_gauge_blit();
 	}
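Review bot: In the removed block, `width -= count` on a uint32_t is the step that wraps: when gauge->value falls outside 0..100, count can exceed width, width ends up near UINT32_MAX, and `while(width--)` effectively never finishes (the same applies to `while (count--)` if count itself is out of range). Rather than deleting the bar, consider clamping gauge->value to 0..100 before computing count, or adding `if (count > width) count = width;` before the subtraction, which keeps the progress display and removes the loop hazard. If the deletion stays, check whether the `done` label still has a `goto` referring to it, since the one in this hunk is gone.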
--- reiser4progs-1.0.7.orig/librepair/repair.c
+++ reiser4progs-1.0.7/librepair/repair.c
@@ -210,7 +210,8 @@
    is a node). */
 static errno_t cb_region_mark(blk_t blk, uint64_t count, void *data) {
 	repair_control_t *control = (repair_control_t *)data;
-	uint32_t i;
+	//uint32_t i; // BUG! block number is 64 bit.
+	blk_t i;
 	
 	aal_assert("vpf-561", control != NULL);
 	
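Review bot: The added `//uint32_t i; // BUG! block number is 64 bit.` line should not be committed: drop the commented-out declaration and move the explanation into the commit message or changelog. `blk_t i;` matches the `blk_t blk` and `uint64_t count` parameters, but the loop that uses `i` is outside this hunk, so confirm that nothing there passes `i` to a 32-bit parameter or a 32-bit format specifier.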
