Date: Tue, 14 Feb 2023 08:14:15 -0800
From: bob prohaska <fbsd@www.zefox.net>
To: freebsd-arm@freebsd.org
Subject: Re: fsck segfaults on rpi3 running 13-stable (and on 14-CURRENT analyzing the same file system that resulted from the 13-STABLE crash)
Message-ID: <20230214161415.GA28276@www.zefox.net>
In-Reply-To: <C282CC2D-4CDB-4A33-AFA8-C563E377CE8E@yahoo.com>
References: <20230212043524.GA19401@www.zefox.net> <984314A1-FF42-4F92-A212-6BC0D85CB630@yahoo.com> <20230212165333.GB19401@www.zefox.net> <C162CDC1-FFBF-4410-9791-023EC7CEC7BD@yahoo.com> <20230212191308.GA21535@www.zefox.net> <FDD4D849-CBF6-49E5-801E-F693BB039433@yahoo.com> <20230212195324.GB21535@www.zefox.net> <03840D0B-13D4-4F22-BDAF-2887A4D78BED@yahoo.com> <20230213232519.GD95670@funkthat.com> <C282CC2D-4CDB-4A33-AFA8-C563E377CE8E@yahoo.com>
> On Feb 13, 2023, at 15:25, John-Mark Gurney <jmg@funkthat.com> wrote:
> [huge snip]
>
> > Ok, decided to run AFL on fsck, and this one was the first crash it
> > discovered.  The problem is that ctime can return NULL, and the return
> > value isn't checked, because it then immediately does &p[4] which
> > results in printf and friends being passed 0x4.
> >
> > Simple test program that demonstrates this problem:
> > #include <time.h>
> > #include <stdio.h>
> >
> > int
> > main()
> > {
> > 	const char *p;
> > 	time_t t;
> >
> > 	t = -5098919203113507862;
> >
> > 	p = ctime(&t);
> >
> > 	printf("MTIME=%12.12s %4.4s ", &p[4], &p[20]);
> >
> > 	return 0;
> > }
> >
> > I'm not sure what the correct fix is for when times are wildly out of
> > valid range.
>

Is this a demonstration that the fsck segfault can be reproduced
independently of my particular corrupt filesystem?

AFL is new to me.

Thanks for reading,

bob prohaska
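The test program quoted above shows the failure mode: for a time_t far outside the range struct tm can hold, ctime(3) returns NULL, and the unchecked &p[4] hands the address 0x4 to printf. The program below is an added example, not code from this thread or from FreeBSD's fsck, showing the check that is missing. The helper names (format_mtime, mtime_representable, mtime_string) are hypothetical. It uses gmtime_r(3) and asctime_r(3) instead of ctime(3) so that the result does not depend on the TZ setting of whoever runs it, and it falls back to printing the raw seconds value when conversion fails.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/*
 * Hypothetical helper (example code, not fsck's): format a timestamp in the
 * same "Mon DD HH:MM YYYY" layout that fsck's MTIME= line uses, but check the
 * libc conversion calls before indexing into their result.
 *
 * Returns 0 and writes "MTIME=Mon DD HH:MM YYYY" to out on success.
 * Returns -1 and writes "MTIME=<seconds> (out of range, errno=N)" when the
 * time_t cannot be represented: gmtime_r fails with EOVERFLOW when the year
 * does not fit in struct tm's int tm_year, and asctime_r fails when the text
 * would not fit its 26-byte buffer (which also rules out years with more than
 * four digits, so the fixed &p[4] / &p[20] offsets below stay valid).
 */
int format_mtime(time_t t, char *out, size_t outlen)
{
    struct tm tm;
    char buf[26];           /* asctime_r(3) requires at least 26 bytes */
    const char *p;

    if (gmtime_r(&t, &tm) == NULL || (p = asctime_r(&tm, buf)) == NULL) {
        snprintf(out, outlen, "MTIME=%lld (out of range, errno=%d)",
                 (long long)t, errno);
        return -1;
    }

    /*
     * asctime output is fixed-width, e.g. "Thu Jan  1 00:00:00 1970\n":
     * bytes 4..15 are "Mon DD HH:MM" and bytes 20..23 are the year.
     * Only now, with p known to be non-NULL, is indexing into it safe.
     */
    snprintf(out, outlen, "MTIME=%12.12s %4.4s", &p[4], &p[20]);
    return 0;
}

/* 1 if t converts cleanly, 0 if it would have made ctime() return NULL. */
int mtime_representable(time_t t)
{
    char tmp[64];
    return format_mtime(t, tmp, sizeof tmp) == 0;
}

/* Convenience wrapper with a static buffer, for one-off printing. */
const char *mtime_string(time_t t)
{
    static char buf[64];
    format_mtime(t, buf, sizeof buf);
    return buf;
}

int main(void)
{
    /* Constructed inputs: the epoch, and the value from the AFL crash. */
    time_t good = 0;
    time_t bad = (time_t)-5098919203113507862LL;

    printf("%s\n", mtime_string(good));
    printf("%s\n", mtime_string(bad));
    printf("bad value representable: %d\n", mtime_representable(bad));
    return 0;
}
```

The fallback branch is what the quoted program lacks: it turns a NULL from the time conversion into a visible, harmless line instead of a dereference of address 4. Whether fsck should additionally treat such a timestamp as corruption to be repaired is a separate question the thread leaves open.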