Date:      Tue, 29 Jul 2025 13:22:28 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 288536] makefs: crash when making cd9660 image
Message-ID:  <bug-288536-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288536

            Bug ID: 288536
           Summary: makefs: crash when making cd9660 image
           Product: Base System
           Version: 14.3-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: 18241439770@qq.com

I was trying to make a release DVD with the KDE desktop, and makefs crashed
while making the ISO.

cd /usr/src
make buildworld buildkernel
make -C release dvd
chroot /usr/obj/usr/usr/src/amd64.amd64/release/dvd
# in chroot, /tmp/bsdinstall_etc/resolv.conf created
pkg install kde xorg sddm dbus plasma6-sddm-kcm
service sddm enable
service dbus enable
pkg install drm-kmod
sysrc kld_list="i915kms amdgpu"
pkg clean -a
exit
# outside chroot
make -C release dvdrom
# makefs crashes and dumps core while making the ISO

I used lldb to load the coredump file and here are some outputs:
(lldb) bt
* thread #1, name = 'makefs', stop reason = signal SIGSEGV
  * frame #0: 0x00000eaaea2e346f libc.so.7`memcpy at memmove.S:304
    frame #1: 0x00000ea2c8d51df2 makefs`cd9660_convert_structure [inlined]
cd9660_rename_filename(diskStructure=0x000034138e434000,
iter=0x00003413983108c0, num=24, delete_chars=16) at cd9660.c:1110:3
    frame #2: 0x00000ea2c8d51cca makefs`cd9660_convert_structure [inlined]
cd9660_handle_collisions(diskStructure=0x000034138e434000,
colliding=0x000034139830ec00, past=24) at cd9660.c:1027:10
    frame #3: 0x00000ea2c8d51b9a
makefs`cd9660_convert_structure(diskStructure=0x000034138e434000,
root=<unavailable>, parent_node=0x000034139830ec00, level=<unavailable>,
numDirectories=0x00000eaae98babec, error=0x00000eaae98babe8) at
cd9660.c:1458:10
    frame #4: 0x00000ea2c8d51a36
makefs`cd9660_convert_structure(diskStructure=0x000034138e434000,
root=<unavailable>, parent_node=0x000034139830d800, level=5,
numDirectories=0x00000eaae98babec, error=0x00000eaae98babe8) at cd9660.c:1415:6
    frame #5: 0x00000ea2c8d51a36
makefs`cd9660_convert_structure(diskStructure=0x000034138e434000,
root=<unavailable>, parent_node=0x00003413982dc980, level=4,
numDirectories=0x00000eaae98babec, error=0x00000eaae98babe8) at cd9660.c:1415:6
    frame #6: 0x00000ea2c8d51a36
makefs`cd9660_convert_structure(diskStructure=0x000034138e434000,
root=<unavailable>, parent_node=0x0000341396b09640, level=3,
numDirectories=0x00000eaae98babec, error=0x00000eaae98babe8) at cd9660.c:1415:6
    frame #7: 0x00000ea2c8d51a36
makefs`cd9660_convert_structure(diskStructure=0x000034138e434000,
root=<unavailable>, parent_node=0x000034138e42be80, level=2,
numDirectories=0x00000eaae98babec, error=0x00000eaae98babe8) at cd9660.c:1415:6
    frame #8: 0x00000ea2c8d51a36
makefs`cd9660_convert_structure(diskStructure=0x000034138e434000,
root=<unavailable>, parent_node=0x000034138e428140, level=1,
numDirectories=0x00000eaae98babec, error=0x00000eaae98babe8) at cd9660.c:1415:6
    frame #9: 0x00000ea2c8d50d0f makefs`cd9660_makefs(image="/root/dvd1.iso",
dir=<unavailable>, root=0x000034138e44d060, fsopts=<unavailable>) at
cd9660.c:512:2
    frame #10: 0x00000ea2c8d569a5 makefs`main(argc=2, argv=0x00000eaae98baf38)
at makefs.c:347:2
    frame #11: 0x00000eaaea20ee34 libc.so.7`__libc_start1(argc=24,
argv=0x00000eaae98bae88, env=0x00000eaae98baf50, cleanup=<unavailable>,
mainX=(makefs`main at makefs.c:95)) at libc_start1.c:157:7
    frame #12: 0x00000ea2c8d4fcb1 makefs`_start at crt1_s.S:80

(lldb) frame select 1
frame #1: 0x00000ea2c8d51df2 makefs`cd9660_convert_structure [inlined]
cd9660_rename_filename(diskStructure=0x000034138e434000,
iter=0x00003413983108c0, num=24, delete_chars=16) at cd9660.c:1110:3
   1107 #endif
   1108
   1109                 /* (copying just the filename before the '.' */
-> 1110                 memcpy(tmp, (iter->o_name), numbts);
   1111
   1112                 /* adding the appropriate number following the name */
   1113                 temp = i;

(lldb) frame variable
(iso9660_disk *) diskStructure = 0x000034138e434000
(cd9660node *) iter = 0x00003413983108c0
(int) num = 24
(int) delete_chars = 16
(int) i = 0
(int) maxlength = 31
(char *) tmp = 0x00003413962492a0 "KTERMIN8;1"
(int) powers = <variable not available>
(int) digits = <variable not available>
(char *) naming = <variable not available>
(int) count = <variable not available>
(int) numbts = <register rcx is not available>
(int) temp = <variable not available>
(int) digit = <variable not available>

(lldb) register read
General Purpose Registers:
       rbx = 0x000000000000001f
       rbp = 0x00000eaae98ba7b0
       rsp = 0x00000eaae98ba6f0
       r12 = 0x0000000000000001
       r13 = 0x0000000000000001
       r14 = 0xffffffffffffffff
       r15 = 0x0000000000000010
       rip = 0x00000ea2c8d51df2  makefs`cd9660_convert_structure + 2322
[inlined] cd9660_rename_filename + 296 at cd9660.c:1114:3
  makefs`cd9660_convert_structure + 2026 [inlined] cd9660_handle_collisions +
304 at cd9660.c:1027:10
  makefs`cd9660_convert_structure + 1722 at cd9660.c:1458:10
16 registers were unavailable.

(lldb) p *iter
(cd9660node) {
  type = '\x01'
  parent = 0x000034139830ec00
  cn_children = {
    tqh_first = NULL
    tqh_last = 0x00003413983108d0
  }
  cn_next_child = {
    tqe_next = 0x0000341398310640
    tqe_prev = 0x000034139830ec10
  }
  dot_record = NULL
  dot_dot_record = NULL
  node = 0x000034139014b920
  isoDirRecord = 0x00003413982ffbb0
  isoExtAttributes = NULL
  fileDataSector = 0
  fileDataLength = 5003
  fileSectorsUsed = 0
  fileRecordSize = 0
  o_name = {
    [0] = 'K'
    [1] = 'I'
    [2] = 'O'
    [3] = 'G'
    [4] = 'U'
    [5] = 'I'
    [6] = '_'
    [7] = 'E'
    [8] = 'X'
    [9] = 'P'
    [10] = 'O'
    [11] = 'R'
    [12] = 'T'
    [13] = '.'
    [14] = 'H'
    [15] = ';'
    [16] = '1'
    [17] = '\0'
    [18] = '\0'
    [19] = '\0'
    [20] = '\0'
    [21] = '\0'
    [22] = '\0'
    [23] = '\0'
    [24] = '\0'
    [25] = '\0'
    [26] = '\0'
    [27] = '\0'
    [28] = '\0'
    [29] = '\0'
    [30] = '\0'
    [31] = '\0'
    [32] = '\0'
    [33] = '\0'
    [34] = '\0'
    [35] = '\0'
    [36] = '\0'
    [37] = '\0'
  }
  rr_real_parent = NULL
  rr_relocated = NULL
  susp_entry_size = 0
  susp_dot_entry_size = 0
  susp_dot_dot_entry_size = 0
  susp_entry_ce_start = 0
  susp_dot_ce_start = 0
  susp_dot_dot_ce_start = 0
  susp_entry_ce_length = 0
  susp_dot_ce_length = 0
  susp_dot_dot_ce_length = 0
  su_tail_size = 0
  su_tail_data = 0x0000000000000000
  level = 6
  ptnumber = 0
  ptnext = NULL
  ptprev = NULL
  ptlast = NULL
  head = {
    tqh_first = NULL
    tqh_last = NULL
  }
}

It seems that delete_chars is too big. I didn't look into it deeply.
Here is the coredump file:
https://www.dropbox.com/scl/fi/lw885udvbb0pz6ycntlig/makefs.core?rlkey=s2gnnffek230qbgqacub1fw57&st=k8o1xxh3&dl=0

-- 
You are receiving this mail because:
You are the assignee for the bug.
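Added illustration, not makefs source: the lldb output above shows memcpy() being called from cd9660_rename_filename() with maxlength = 31, num = 24, delete_chars = 16 and o_name = "KIOGUI_EXPORT.H;1", and the register dump shows r14 = 0xffffffffffffffff. The C below models the failure class this points at: a copy length computed by subtraction goes negative, and a negative int converted to memcpy()'s size_t parameter becomes an enormous unsigned count, which reads past the buffer and faults. The way numbts is derived here (name length up to ';', capped so a numeric suffix fits, minus delete_chars) is an assumption modelled on the variable names in the frame dump; the real function's arithmetic may differ. The hardened variant clamps the length before it reaches memcpy().

```c
/*
 * Constructed model of a negative-length memcpy, using the values visible
 * in the crash dump.  Not the makefs implementation: the numbts formula
 * is an assumption modelled on the variable names in the lldb output.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Number of decimal digits needed to print any counter below `num`. */
static int digits_for(int num)
{
    int digits = 1, powers = 1;
    while (powers < num) {
        digits++;
        powers *= 10;
    }
    return digits;
}

/*
 * Hypothetical length computation: characters of the name before the ';'
 * version separator, capped so the numeric suffix still fits in maxlength,
 * minus the characters the caller wants removed.  Returns a plain int that
 * can be negative; nothing stops it from being handed straight to memcpy().
 */
int unchecked_copy_len(const char *o_name, int maxlength, int num, int delete_chars)
{
    int count = 0;
    while (count < maxlength && o_name[count] != '\0' && o_name[count] != ';')
        count++;
    int digits = digits_for(num);
    int numbts = (count + digits < maxlength) ? count : maxlength - digits;
    return numbts - delete_chars;
}

/*
 * Hardened variant: never negative, and never longer than the bytes that
 * actually exist in o_name, so the subsequent memcpy() stays in bounds.
 */
int checked_copy_len(const char *o_name, int maxlength, int num, int delete_chars)
{
    int n = unchecked_copy_len(o_name, maxlength, num, delete_chars);
    if (n < 0)
        n = 0;
    size_t avail = strlen(o_name);
    if ((size_t)n > avail)
        n = (int)avail;
    return n;
}

/* The size_t memcpy() would receive for a given int length. */
size_t as_memcpy_size(int n)
{
    return (size_t)n;
}

int main(void)
{
    const char *o_name = "KIOGUI_EXPORT.H;1";   /* o_name from the dump */
    int raw = unchecked_copy_len(o_name, 31, 24, 16);
    printf("unchecked numbts = %d -> memcpy size %zu\n",
           raw, as_memcpy_size(raw));

    int safe = checked_copy_len(o_name, 31, 24, 16);
    char tmp[64] = {0};
    memcpy(tmp, o_name, (size_t)safe);          /* safe: 0 bytes copied here */
    printf("checked numbts = %d, tmp = \"%s\"\n", safe, tmp);
    return 0;
}
```

With the dump's values the hypothetical formula yields -1, which as a size_t is 0xffffffffffffffff, the same pattern seen in r14 in the register dump; that is consistent with, but does not prove, the reporter's reading that delete_chars exceeds what the name can give up. The defensive point stands either way: any int length fed to memcpy() needs a lower bound of zero and an upper bound of the source buffer's real size.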

