From: Andriy Gapon
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Mon, 7 Feb 2005 22:07:48 +0200 (EET)
Message-Id: <200502072007.j17K7m2R016739@oddity.topspin.kiev.ua>
X-Send-Pr-Version: 3.113
Subject: kern/77234: corrupted data is read from UDF filesystem if read starts at non-aligned offset

>Number:         77234
>Category:       kern
>Synopsis:       corrupted data is read from UDF filesystem if read starts at non-aligned offset
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 07 20:10:24 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Andriy Gapon
>Release:        FreeBSD 5.2.1-RELEASE-p13 i386
>Organization:
>Environment:
System: FreeBSD 5.2.1-RELEASE-p13 386
sys/fs/udf/udf_vnops.c is patched to revision 1.50

>Description:
it seems that udf_readatoffset() function does not properly handle
certain offset, size combinations:
offset%bsize != 0 and
size in ](bsize-offset%bsize) + n*bsize, bsize + n*bsize] where n = 0, 1, 2, ...
or with graphic illustration:

  current offset
  v
  |--------|          - data that we want to read
  |******|&|          - '*' are for good data, '&' for junk in memory
|--------|--------|   - data on disk
|^^^^^^^^|            - this is what would be read with current code
|^^^^^^^^|^^^^^^^^|   - this is what should be read
^        ^        ^
sector (or logical block) boundaries

this happens because calculations of number of sectors to read do not take
into account the fact that an additional sector may be needed because of
current offset alignment.

>How-To-Repeat:
mount udf disk and perform something similar to large enough file:

tmp$ dd if=/mnt/dvdrom/oddity/export.level-7.2005-02-01.dump.gz of=ttt bs=2000
21+1 records in
21+1 records out
42472 bytes transferred in 0.226800 secs (187266 bytes/sec)
tmp$ diff /mnt/dvdrom/oddity/export.level-7.2005-02-01.dump.gz ttt
Binary files /mnt/dvdrom/oddity/export.level-7.2005-02-01.dump.gz and ttt differ
tmp$ dd if=/mnt/dvdrom/oddity/export.level-7.2005-02-01.dump.gz of=ttt bs=2048
20+1 records in
20+1 records out
42472 bytes transferred in 0.038471 secs (1104001 bytes/sec)
tmp$ diff /mnt/dvdrom/oddity/export.level-7.2005-02-01.dump.gz ttt
tmp$

file should be the same in both cases

>Fix:
number of requested bytes passed to udf_readlblks should be increased by
(offset & udfmp->bmask) bytes. For the same reasons max_size calculated in
udf_bmap_internal() should be decreased by the same value, so that we do not
read beyond extent end.

>Release-Note:
>Audit-Trail:
>Unformatted:
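
The sector-count arithmetic behind the report, as an added example (a user-space model, not code from the PR or from FreeBSD's udf_vnops.c). It assumes 2048-byte blocks and a constructed four-block medium; the names blocks_for, nblk_unfixed, nblk_fixed and junk_bytes are hypothetical. Only the enlarged request from the proposed fix is modelled, not the max_size adjustment in udf_bmap_internal().

```c
/* Added illustration: a user-space model, not FreeBSD's udf_vnops.c. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BSIZE 2048u                 /* assumed logical block size */
#define BMASK (BSIZE - 1u)          /* plays the role of udfmp->bmask */
#define NBLK  4u                    /* size of the constructed medium */

static uint32_t blocks_for(uint32_t bytes) { return (bytes + BMASK) / BSIZE; }

/* Block count when the offset inside the first block is ignored. */
uint32_t nblk_unfixed(uint32_t offset, uint32_t size)
{
    (void)offset;
    return blocks_for(size);
}

/* Block count with the request grown by (offset & bmask), as the fix proposes. */
uint32_t nblk_fixed(uint32_t offset, uint32_t size)
{
    return blocks_for(size + (offset & BMASK));
}

/* Model one read; returns how many returned bytes are junk ('&'), or
 * UINT32_MAX if the request runs past the constructed medium. */
uint32_t junk_bytes(uint32_t offset, uint32_t size, int fixed)
{
    static uint8_t disk[NBLK * BSIZE], buf[NBLK * BSIZE];
    uint32_t i, n, bad = 0, first = offset / BSIZE;

    if (offset > sizeof(disk) || size > sizeof(disk) - offset)
        return UINT32_MAX;
    for (i = 0; i < sizeof(disk); i++)
        disk[i] = (uint8_t)('A' + i % 23);      /* constructed data, never '&' */
    n = fixed ? nblk_fixed(offset, size) : nblk_unfixed(offset, size);
    memset(buf, '&', sizeof(buf));              /* stale memory in the diagram */
    memcpy(buf, disk + first * BSIZE, n * BSIZE);
    for (i = 0; i < size; i++)                  /* caller's view starts mid-block */
        bad += buf[(offset & BMASK) + i] != disk[offset + i];
    return bad;
}

int main(void)
{
    printf("offset 2000, size 2000: unfixed %u junk bytes, fixed %u\n",
           junk_bytes(2000, 2000, 0), junk_bytes(2000, 2000, 1));
    return 0;
}
```

The offset 2000, size 2000 case corresponds to the second record of the bs=2000 dd run above; an aligned read such as offset 2048, size 2048 needs no extra block, which matches the clean bs=2048 run.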