Hi,

Google's Android team uses a modified fsck_msdos version from FreeBSD,
fixing issues in their local repositories.  No license adjustments, so we
are free to merge them into ours.

One of these fixes covers an out-of-bounds access that can occur if the
filesystem points to a cluster outside of allocated memory.  Their use
case covers FFFFFFFFh, which is a "magic number" in the specification.
Either way, we shouldn't trust a value of a filesystem we are going
to check, so test the index value for a valid range before using it.

Android commit id 59ae828834dc177c74775cf36cafda4da9927bd9:
https://android.googlesource.com/platform/external/fsck_msdos/+/59ae828834dc177c74775cf36cafda4da9927bd9

This diff is less intrusive, just adding the additional check:

Does somebody agree that this is a good thing to do?

Index: fat.c
===================================================================
RCS file: /cvs/src/sbin/fsck_msdos/fat.c,v
retrieving revision 1.18
diff -u -p -r1.18 fat.c
--- fat.c       27 Oct 2009 23:59:33 -0000      1.18
+++ fat.c       8 Jun 2014 23:30:51 -0000
@@ -535,7 +535,8 @@ checklost(int dosfs, struct bootblock *b
                                ret = 1;
                        }
                }
-               if (boot->NumFree && fat[boot->FSNext].next != CLUST_FREE) {
+               if (boot->NumFree && (boot->FSNext >= boot->NumClusters ||
+                   fat[boot->FSNext].next != CLUST_FREE)) {
                        pwarn("Next free cluster in FSInfo block (%u) not 
free\n",
                              boot->FSNext);
                        if (ask(1, "fix"))
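Review bot: the new range test only guards the upper bound; values below the first data cluster (FSNext of 0 or 1, the reserved FAT entries) are in bounds of the array but are not valid free-cluster hints and would still pass this test, so consider rejecting them too, e.g. `boot->FSNext < CLUST_FIRST || boot->FSNext >= boot->NumClusters`. The left-to-right evaluation of the `||` does correctly keep `fat[boot->FSNext]` from being indexed when the value is out of range, so the out-of-bounds read itself is closed. Separately, the unchanged `pwarn("Next free cluster in FSInfo block (%u) not free\n", ...)` is now also printed for an out-of-range value, where "not free" is misleading; a distinct message such as "out of range" would tell the user which of the two conditions fired.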
