Fwd: Serious indexing problems in fsck_hfs
- Subject: Fwd: Serious indexing problems in fsck_hfs
- From: "Rogério Brito" <email@hidden>
- Date: Fri, 28 Sep 2007 15:29:10 -0300
The following message appears to have never hit the list before.
Regards, Prof. Rogério Brito.
---------- Forwarded message ----------
From: Rogério Theodoro de Brito <email@hidden>
Date: Aug 9, 2007 1:39 AM
Subject: Serious indexing problems in fsck_hfs
To: email@hidden
Cc: Alexandre Lymberopoulos <email@hidden>,
email@hidden, "Adam Cécile (Le_Vert)" <email@hidden>,
email@hidden, Joseph Jezak <email@hidden>,
Gerfried Fuchs <email@hidden>, email@hidden,
email@hidden
Dear Darwin Developers,
I am a Debian user and prospective Debian Developer that has packaged
the disk utilities of Darwin for Debian and I noticed a pretty
serious problem when compiling the fsck_hfs utility under many 64 bit
platforms.
The bug manifests itself as a segmentation fault when running such
fsck on, for example, a disk image created by newfs_hfs.
I traced the problem in a 64 bit platform to be a quite silly problem
that is present in MacOS X 10.4 from releases 10.4.5 up to 10.5.9,
which is the last available version on the Open Source site that
Apple maintains (unfortunately, it doesn't have the sources for
10.4.10, which is quite needed here).
The problem I'm referring to is in the
fsck_hfs.tproj/dfalib/hfs_endian.c file and it has the following
snippet (sorry for the line-wrapping, but I don't know how to avoid
that with Mail.app, which is what I am using right now):
(Around line 519):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
for (i = 0; i < srcDesc->numRecords; i++) {
    /* Point to the start of the record we're currently checking. */
    srcKey = (HFSPlusCatalogKey *)((char *)src->buffer + srcOffs[i]);
    /*
     * Point to start of next (larger offset) record. We'll use this
     * to be sure the current record doesn't overflow into the next
     * record.
     */
    nextRecord = (char *)src->buffer + srcOffs[i-1];
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The code above was taken from the package diskdev_cmds-332.22.tar.gz,
which is the last one available for download at the Apple site.
Please, notice that when i = 0, the last line quoted has
srcOffs[i-1], which tries to access the position of index -1, which is
obviously an error as it is not protected by an if or something similar.
Unfortunately, almost the same piece of code is repeated quite often
in such file (I counted the repetition of this line at least 6 times
in that file, which is, obviously, really not desired). I believe
that some of the repetitions could be addressed with a cleanup.
Oh, BTW, if I am not mistaken, the code in this module (not limited
to this file) also has some unfortunate assumptions of the size of a
pointer being the same of an unsigned integer, something which is
false in some (or maybe all) 64-bit architectures.
I'm carbon copying the Gentoo Developer of the same package, the bug
submitter to the Debian Bugtracking System, some friends of mine and
another kind Debian Developer as well as the security contact that I
could find on the page <http://www.apple.com/support/security/>.
Just a small point here regarding the Apple mailing lists, I tried up
to now 4 times to subscribe to Apple mailing lists without success to
inform you of such serious problems. I hope that this time this
e-mail won't bounce back to me (which would be a sad state of affairs,
since I am trying to help with your products and this is the very
soul of Free Software).
If I don't hear back or if this mail bounces, I am afraid that I will
be quite sad with the position that Apple has chosen to adopt. After
all, all I am trying to do is to point out grave problems that should
be addressed quite soon, as the users relying on fsck_hfs to repair
their possibly damaged filesystems may be in a high danger.
Regards, Prof. Rogério Brito.
--
Rogério Brito : rbrito@{mackenzie,ime.usp}.br : GPG key 1024D/7C2CAEB8
http://www.ime.usp.br/~rbrito : http://meusite.mackenzie.com.br/rbrito
Projects: algorithms.berlios.de : lame.sf.net : vrms.alioth.debian.org
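
The kind of guard the message above says is missing ("not protected by an if"), as an added example that is not part of the original message and is not Apple's code. The function name, result codes, the `limit` parameter and the simplified descending offset-table layout are assumptions made for illustration; sizes and indices use `size_t` rather than assuming a pointer fits in an unsigned int.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { REC_OK = 0, REC_BAD_OFFSET = -1, REC_OVERLAP = -2 };

/* Constructed sample tables (not taken from a real volume). */
static const uint16_t SAMPLE_GOOD[] = { 200, 100, 14 };
static const uint16_t SAMPLE_BAD[]  = { 200, 250, 14 };  /* out of order */

/*
 * Validate record offsets read from an untrusted disk image.
 * Assumed layout (simplified, not the on-disk format): offs[] holds
 * num_records start offsets in descending order, so the next (larger
 * offset) record after offs[i] is offs[i - 1]. offs[0] has no
 * predecessor; its upper bound is `limit`, supplied by the caller.
 */
int check_records(size_t node_size, size_t header_len, size_t limit,
                  const uint16_t *offs, size_t num_records, size_t min_len)
{
    if (offs == NULL && num_records != 0)
        return REC_BAD_OFFSET;
    if (header_len > limit || limit > node_size)
        return REC_BAD_OFFSET;

    for (size_t i = 0; i < num_records; i++) {
        size_t start = offs[i];
        /* Guard i == 0 explicitly instead of reading offs[i - 1]. */
        size_t next = (i == 0) ? limit : offs[i - 1];

        if (start < header_len || start > limit)
            return REC_BAD_OFFSET;
        /* Compare before subtracting so a corrupt table cannot
         * wrap the unsigned record length. */
        if (next < start || next - start < min_len)
            return REC_OVERLAP;
    }
    return REC_OK;
}

int main(void)
{
    printf("good=%d bad=%d\n",
           check_records(512, 14, 300, SAMPLE_GOOD, 3, 6),
           check_records(512, 14, 300, SAMPLE_BAD, 3, 6));
    return 0;
}
```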