Package: reiser4progs
Version: 1.0.7-6
Severity: critical
Justification: causes serious data loss

I found two bugs in fsck.reiserfs that affect filesystems larger than 16 TiB. The first is an explicit cast of a 64-bit block counter to 32 bits, which causes it to not work correctly on such large filesystems; the second is that the code that prints the progress bar can go into an infinite loop (which was triggered by the bug I reported earlier against libaal-dev), because it uses "while(width--) {...}", but width can start out negative.

I've marked this bug critical as the first bug could cause an incorrect repair of the filesystem, and the second will prevent fsck.reiserfs from running at all.

I have attached a patch which fixes the first issue, and removes the progress bar completely.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages reiser4progs depends on:
ii  libc6         2.13-8    Embedded GNU C Library: Shared lib
ii  libncurses5   5.9-1     shared libraries for terminal hand
ii  libreadline6  6.2-2     GNU readline and history libraries
ii  libuuid1      2.19.1-2  Universally Unique ID library

reiser4progs recommends no packages.

reiser4progs suggests no packages.

-- no debconf information

--- reiser4progs-1.0.7.orig/libmisc/gauge.c +++ reiser4progs-1.0.7/libmisc/gauge.c @@ -95,31 +95,8 @@ gauge->value_func(gauge); if (gauge->value != -1) { - uint32_t width, count; - - width = misc_screen_width(); - if (width < 10) - goto done; - - width -= 10; - - if (width > 50) - width = 50; - - fprintf(stderr, "["); - count = width * gauge->value / 100; - width -= count; - while (count--) { - fprintf(stderr, "="); - } - misc_gauge_blit(); - - while(width--) { - fprintf(stderr, " "); - } - - fprintf(stderr, "] %lld%%", gauge->value); + fprintf(stderr, " %lld%%", gauge->value); } else { misc_gauge_blit(); } --- reiser4progs-1.0.7.orig/librepair/repair.c +++ reiser4progs-1.0.7/librepair/repair.c @@ -210,7 +210,8 @@ is a node). */ static errno_t cb_region_mark(blk_t blk, uint64_t count, void *data) { repair_control_t *control = (repair_control_t *)data; - uint32_t i; + //uint32_t i; // BUG! block number is 64 bit. + blk_t i; aal_assert("vpf-561", control != NULL);
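
Review bot: In the libmisc/gauge.c hunk, the removed code declares width and count as uint32_t, so "width -= count" wraps to a very large value whenever count exceeds width, and "while(width--)" then runs for billions of iterations. Clamping count to width (or gauge->value to 0..100) before the subtraction would fix the loop and keep the progress bar instead of deleting it. Note also that the removed block called misc_gauge_blit() between the fill and the padding, and the replacement fprintf() line no longer calls it when gauge->value != -1, so the spinner is dropped on that path too; say so in the changelog if that is intended.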
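
Review bot: In the librepair/repair.c hunk, the commented-out "//uint32_t i; // BUG! block number is 64 bit." line in cb_region_mark should be deleted rather than left as dead code; the reason for the change belongs in the commit message, and the "//" comment differs from the "/* */" style visible in the context line above. Only the declaration of i is in the hunk, so confirm that every place in the function that stores or prints i (format strings, other 32-bit locals, callee parameters) takes the full blk_t width as well.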
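
The two defects described in the report, reduced to a stand-alone C program (an added example, not code from reiser4progs or from the reporter). The blk_t typedef, the 64-bit percentage argument, a percentage above 100 as the trigger, the 4 KiB block size and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t blk_t; /* assumption: 64-bit block number, per the report */

/* Padding as unsigned 32-bit arithmetic computes it with no clamp:
   if percent > 100 (assumed trigger), count > width and the result wraps. */
static uint32_t pad_unclamped(uint32_t width, int64_t percent)
{
    uint32_t count = (uint32_t)(width * percent / 100);
    return width - count;
}

/* Clamped variant: fill + pad always equals width. */
static uint32_t pad_clamped(uint32_t width, int64_t percent)
{
    if (percent < 0) percent = 0;
    if (percent > 100) percent = 100;
    return width - (uint32_t)(width * percent / 100);
}

/* Draw the bar into buf using the clamped padding; returns cells drawn. */
static uint32_t gauge_render(char *buf, size_t len, uint32_t width, int64_t percent)
{
    uint32_t pad = pad_clamped(width, percent), fill = width - pad, n = 0;
    if (len < (size_t)width + 3)
        return 0;               /* no room for "[", the bar, "]" and NUL */
    buf[n++] = '[';
    memset(buf + n, '=', fill); n += fill;
    memset(buf + n, ' ', pad);  n += pad;
    buf[n++] = ']';
    buf[n] = '\0';
    return fill + pad;
}

/* A block number stored in a 32-bit variable keeps only its low 32 bits. */
static uint32_t blk_truncated(blk_t blk) { return (uint32_t)blk; }

int main(void)
{
    char bar[64];
    blk_t big = ((blk_t)1 << 32) + 5; /* just past 16 TiB with 4 KiB blocks (assumed) */
    printf("unclamped pad at 150%%: %u\n", pad_unclamped(50, 150));
    gauge_render(bar, sizeof bar, 50, 150);
    printf("clamped bar: %s\n", bar);
    printf("block %llu seen as %u\n", (unsigned long long)big, blk_truncated(big));
    return 0;
}
```
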