Public bug reported:
Description: Ubuntu 16.04.3 LTS
Release: 16.04
squashfs-tools: Installed: 1:4.3-3ubuntu2.16.04.1
mksquashfs can create a filesystem with a pseudo file at '/', but unsquashfs
doesn't like the result, and mksquashfs crashes trying to add to it.
$ rm /tmp/crash.sfs
$ mksquashfs /tmp/empty /tmp/crash.sfs -p "/ f 444 root root echo"
Parallel mksquashfs: Using 4 processors
Creating 4.0 filesystem on /tmp/crash.sfs, block size 131072.
[===================================================================|] 1/1 100%
Exportable Squashfs 4.0 filesystem, gzip compressed, data block size 131072
compressed data, compressed metadata, compressed fragments, compressed
xattrs
duplicates are removed
Filesystem size 0.22 Kbytes (0.00 Mbytes)
92.37% of uncompressed filesystem size (0.24 Kbytes)
Inode table size 45 bytes (0.04 Kbytes)
68.18% of uncompressed inode table size (66 bytes)
Directory table size 20 bytes (0.02 Kbytes)
90.91% of uncompressed directory table size (22 bytes)
Number of duplicate files found 0
Number of inodes 2
Number of files 1
Number of fragments 1
Number of symbolic links 0
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 1
Number of ids (unique uids + gids) 2
Number of uids 2
root (0)
matthew (1000)
Number of gids 2
root (0)
matthew (1000)
$ unsquashfs -i /tmp/crash.sfs
Parallel unsquashfs: Using 4 processors
0 inodes (0 blocks) to write
dir_scan: failed to read directory squashfs-root, skipping
created 0 files
created 0 directories
created 0 symlinks
created 0 devices
created 0 fifos
$ mksquashfs /tmp/empty /tmp/crash.sfs
Found a valid exportable SQUASHFS superblock on /tmp/crash.sfs.
Compression used gzip
Inodes are compressed
Data is compressed
Fragments are compressed
Xattrs are compressed
Fragments are present in the filesystem
Always-use-fragments option is not specified
Duplicates are removed
Xattrs are stored
Filesystem size 0.22 Kbytes (0.00 Mbytes)
Block size 131072
Number of fragments 1
Number of inodes 2
Number of ids 2
Parallel mksquashfs: Using 4 processors
Scanning existing filesystem...
Read existing filesystem, 1 inodes scanned
*** buffer overflow detected ***: mksquashfs terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f828fe667e5]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f828ff0815c]
/lib/x86_64-linux-gnu/libc.so.6(+0x117160)[0x7f828ff06160]
mksquashfs[0x40febc]
mksquashfs[0x4107fd]
mksquashfs[0x404374]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f828fe0f830]
mksquashfs[0x405399]
======= Memory map: ========
00400000-0042a000 r-xp 00000000 08:08 304275
/usr/bin/mksquashfs
00629000-0062a000 r--p 00029000 08:08 304275
/usr/bin/mksquashfs
0062a000-0062b000 rw-p 0002a000 08:08 304275
/usr/bin/mksquashfs
0062b000-00cac000 rw-p 00000000 00:00 0
016d5000-0174f000 rw-p 00000000 00:00 0 [heap]
7f8254000000-7f8254043000 rw-p 00000000 00:00 0
7f8254043000-7f8258000000 ---p 00000000 00:00 0
7f8258000000-7f8258121000 rw-p 00000000 00:00 0
7f8258121000-7f825c000000 ---p 00000000 00:00 0
7f825c000000-7f825c063000 rw-p 00000000 00:00 0
7f825c063000-7f8260000000 ---p 00000000 00:00 0
7f8262ffe000-7f8262fff000 ---p 00000000 00:00 0
7f8262fff000-7f82637ff000 rw-p 00000000 00:00 0
7f82637ff000-7f8263800000 ---p 00000000 00:00 0
7f8263800000-7f8264000000 rw-p 00000000 00:00 0
7f8264000000-7f8264043000 rw-p 00000000 00:00 0
7f8264043000-7f8268000000 ---p 00000000 00:00 0
7f8268000000-7f8268121000 rw-p 00000000 00:00 0
7f8268121000-7f826c000000 ---p 00000000 00:00 0
7f826c000000-7f826c121000 rw-p 00000000 00:00 0
7f826c121000-7f8270000000 ---p 00000000 00:00 0
7f8270000000-7f8270063000 rw-p 00000000 00:00 0
7f8270063000-7f8274000000 ---p 00000000 00:00 0
7f8274000000-7f8274063000 rw-p 00000000 00:00 0
7f8274063000-7f8278000000 ---p 00000000 00:00 0
7f8278000000-7f8278043000 rw-p 00000000 00:00 0
7f8278043000-7f827c000000 ---p 00000000 00:00 0
7f827c000000-7f827c121000 rw-p 00000000 00:00 0
7f827c121000-7f8280000000 ---p 00000000 00:00 0
7f8280000000-7f8280043000 rw-p 00000000 00:00 0
7f8280043000-7f8284000000 ---p 00000000 00:00 0
7f82847f9000-7f82847fa000 ---p 00000000 00:00 0
7f82847fa000-7f8284ffa000 rw-p 00000000 00:00 0
7f8284ffa000-7f8284ffb000 ---p 00000000 00:00 0
7f8284ffb000-7f82857fb000 rw-p 00000000 00:00 0
7f82857fb000-7f82857fc000 ---p 00000000 00:00 0
7f82857fc000-7f8285ffc000 rw-p 00000000 00:00 0
7f8285ffc000-7f8285ffd000 ---p 00000000 00:00 0
7f8285ffd000-7f82867fd000 rw-p 00000000 00:00 0
7f82867fd000-7f82867fe000 ---p 00000000 00:00 0
7f82867fe000-7f8286ffe000 rw-p 00000000 00:00 0
7f8286ffe000-7f8286fff000 ---p 00000000 00:00 0
7f8286fff000-7f82877ff000 rw-p 00000000 00:00 0
7f82877ff000-7f8287800000 ---p 00000000 00:00 0
7f8287800000-7f8288000000 rw-p 00000000 00:00 0
7f8288000000-7f8288063000 rw-p 00000000 00:00 0
7f8288063000-7f828c000000 ---p 00000000 00:00 0
7f828c04b000-7f828c061000 r-xp 00000000 08:08 270119
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f828c061000-7f828c260000 ---p 00016000 08:08 270119
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f828c260000-7f828c261000 rw-p 00015000 08:08 270119
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f828c261000-7f828c262000 ---p 00000000 00:00 0
7f828c262000-7f828ca62000 rw-p 00000000 00:00 0
7f828ca62000-7f828ca63000 ---p 00000000 00:00 0
7f828ca63000-7f828d263000 rw-p 00000000 00:00 0
7f828d263000-7f828d264000 ---p 00000000 00:00 0
7f828d264000-7f828da64000 rw-p 00000000 00:00 0
7f828da64000-7f828da65000 ---p 00000000 00:00 0
7f828da65000-7f828e265000 rw-p 00000000 00:00 0
7f828e265000-7f828e266000 ---p 00000000 00:00 0
7f828e266000-7f828ea66000 rw-p 00000000 00:00 0
7f828ea66000-7f828ea67000 ---p 00000000 00:00 0
7f828ea67000-7f828f267000 rw-p 00000000 00:00 0
7f828f267000-7f828f268000 ---p 00000000 00:00 0
7f828f268000-7f828fbeb000 rw-p 00000000 00:00 0
7f828fbeb000-7f828fbee000 r-xp 00000000 08:08 265670
/lib/x86_64-linux-gnu/libdl-2.23.so
7f828fbee000-7f828fded000 ---p 00003000 08:08 265670
/lib/x86_64-linux-gnu/libdl-2.23.so
7f828fded000-7f828fdee000 r--p 00002000 08:08 265670
/lib/x86_64-linux-gnu/libdl-2.23.so
7f828fdee000-7f828fdef000 rw-p 00003000 08:08 265670
/lib/x86_64-linux-gnu/libdl-2.23.so
7f828fdef000-7f828ffaf000 r-xp 00000000 08:08 265647
/lib/x86_64-linux-gnu/libc-2.23.so
7f828ffaf000-7f82901af000 ---p 001c0000 08:08 265647
/lib/x86_64-linux-gnu/libc-2.23.so
7f82901af000-7f82901b3000 r--p 001c0000 08:08 265647
/lib/x86_64-linux-gnu/libc-2.23.so
7f82901b3000-7f82901b5000 rw-p 001c4000 08:08 265647
/lib/x86_64-linux-gnu/libc-2.23.so
7f82901b5000-7f82901b9000 rw-p 00000000 00:00 0
7f82901b9000-7f82901d0000 r-xp 00000000 08:08 402485
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f82901d0000-7f82903cf000 ---p 00017000 08:08 402485
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f82903cf000-7f82903d0000 r--p 00016000 08:08 402485
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f82903d0000-7f82903d1000 rw-p 00017000 08:08 402485
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f82903d1000-7f82903f2000 r-xp 00000000 08:08 270150
/lib/x86_64-linux-gnu/liblzo2.so.2.0.0
7f82903f2000-7f82905f1000 ---p 00021000 08:08 270150
/lib/x86_64-linux-gnu/liblzo2.so.2.0.0
7f82905f1000-7f82905f2000 r--p 00020000 08:08 270150
/lib/x86_64-linux-gnu/liblzo2.so.2.0.0
7f82905f2000-7f82905f3000 rw-p 00021000 08:08 270150
/lib/x86_64-linux-gnu/liblzo2.so.2.0.0
7f82905f3000-7f8290614000 r-xp 00000000 08:08 270148
/lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f8290614000-7f8290813000 ---p 00021000 08:08 270148
/lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f8290813000-7f8290814000 r--p 00020000 08:08 270148
/lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f8290814000-7f8290815000 rw-p 00021000 08:08 270148
/lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f8290815000-7f829082e000 r-xp 00000000 08:08 272161
/lib/x86_64-linux-gnu/libz.so.1.2.8
7f829082e000-7f8290a2d000 ---p 00019000 08:08 272161
/lib/x86_64-linux-gnu/libz.so.1.2.8
7f8290a2d000-7f8290a2e000 r--p 00018000 08:08 272161
/lib/x86_64-linux-gnu/libz.so.1.2.8
7f8290a2e000-7f8290a2f000 rw-p 00019000 08:08 272161
/lib/x86_64-linux-gnu/libz.so.1.2.8
7f8290a2f000-7f8290b37000 r-xp 00000000 08:08 264070
/lib/x86_64-linux-gnu/libm-2.23.so
7f8290b37000-7f8290d36000 ---p 00108000 08:08 264070
/lib/x86_64-linux-gnu/libm-2.23.so
7f8290d36000-7f8290d37000 r--p 00107000 08:08 264070
/lib/x86_64-linux-gnu/libm-2.23.so
7f8290d37000-7f8290d38000 rw-p 00108000 08:08 264070
/lib/x86_64-linux-gnu/libm-2.23.so
7f8290d38000-7f8290d50000 r-xp 00000000 08:08 265643
/lib/x86_64-linux-gnu/libpthread-2.23.so
7f8290d50000-7f8290f4f000 ---p 00018000 08:08 265643
/lib/x86_64-linux-gnu/libpthread-2.23.so
7f8290f4f000-7f8290f50000 r--p 00017000 08:08 265643
/lib/x86_64-linux-gnu/libpthread-2.23.so
7f8290f50000-7f8290f51000 rw-p 00018000 08:08 265643
/lib/x86_64-linux-gnu/libpthread-2.23.so
7f8290f51000-7f8290f55000 rw-p 00000000 00:00 0
7f8290f55000-7f8290f7b000 r-xp 00000000 08:08 265638
/lib/x86_64-linux-gnu/ld-2.23.so
7f8290fcb000-7f8291154000 rw-p 00000000 00:00 0
7f8291179000-7f829117a000 rw-p 00000000 00:00 0
7f829117a000-7f829117b000 r--p 00025000 08:08 265638
/lib/x86_64-linux-gnu/ld-2.23.so
7f829117b000-7f829117c000 rw-p 00026000 08:08 265638
/lib/x86_64-linux-gnu/ld-2.23.so
7f829117c000-7f829117d000 rw-p 00000000 00:00 0
7ffdab4c5000-7ffdab4e7000 rw-p 00000000 00:00 0 [stack]
7ffdab557000-7ffdab55a000 r--p 00000000 00:00 0 [vvar]
7ffdab55a000-7ffdab55c000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
Aborted (core dumped)
** Affects: squashfs-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745757
Title:
Buffer overflow adding to archive with pseudo file at '/'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1745757/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
