coreutils/coreutils-cp-corrupt-fragmented-sparse.patch

110 lines
4.0 KiB
Diff
Raw Normal View History

commit 64aef5fb9afecc023a6e719da161dbbf450908b8
Author: Jim Meyering <jim@meyering.net>
Date: Tue Oct 16 17:43:49 2012 +0200
cp: avoid data-corrupting free-memory-read
NEWS entry:
cp could read from freed memory and could even make corrupt copies.
This could happen with a very fragmented and sparse input file,
on GNU/Linux file systems supporting fiemap extent scanning.
This bug also affects mv when it resorts to copying, and install.
[bug introduced in coreutils-8.11]
* src/extent-scan.c (extent_scan_read): Reset our last_ei
pointer whenever the parent buffer might have just been freed.
* tests/cp/fiemap-extent-FMR.sh: New test.
* tests/local.mk (all_tests): Add it.
* NEWS (Bug fixes): Mention it.
Reported by Mike Gerth in http://bugs.gnu.org/12656, and with
help from Alan Curry. Bug introduced in commit v8.10-60-g18f5a85.
Index: src/extent-scan.c
===================================================================
--- src/extent-scan.c.orig
+++ src/extent-scan.c
@@ -89,7 +89,7 @@ extern bool
extent_scan_read (struct extent_scan *scan)
{
unsigned int si = 0;
- struct extent_info *last_ei IF_LINT ( = scan->ext_info);
+ struct extent_info *last_ei = scan->ext_info;
while (true)
{
@@ -127,8 +127,14 @@ extent_scan_read (struct extent_scan *sc
assert (scan->ei_count <= SIZE_MAX - fiemap->fm_mapped_extents);
scan->ei_count += fiemap->fm_mapped_extents;
- scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
- sizeof (struct extent_info));
+ {
+ /* last_ei points into a buffer that may be freed via xnrealloc.
+ Record its offset and adjust after allocation. */
+ size_t prev_idx = last_ei - scan->ext_info;
+ scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
+ sizeof (struct extent_info));
+ last_ei = scan->ext_info + prev_idx;
+ }
unsigned int i = 0;
for (i = 0; i < fiemap->fm_mapped_extents; i++)
Index: tests/cp/fiemap-FMR
===================================================================
--- /dev/null
+++ tests/cp/fiemap-FMR
- Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1) * src/cut.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch) - Fix test-suite errors (bnc#798261). * tests/cp/fiemap-FMR: Fix path to src directory and declare require_valgrind_ function. (coreutils-cp-corrupt-fragmented-sparse.patch) * tests/misc/cut: Fix src/cut.c to properly pass output-delimiter tests. Synchronize cut.c related part of the i18n patch with Fedora's. Merge coreutils-i18n-infloop.patch into coreutils-i18n.patch. Merge coreutils-i18n-uninit.patch into coreutils-i18n.patch. In tests/misc/cut, do not replace the non-i18n error messages. (coreutils-i18n.patch) * tests/rm/ext3-perf: This test failed due to heavy parallel CPU and/or disk load because it is based on timeouts. Do not run the test-suite with 'make -jN. (coreutils.spec, coreutils-testsuite.spec) * Further spec changes: Run more tests: also run "very expensive" tests; add acl, python-pyinotify, strace and valgrind to the build requirements. Remove patch5 and patch6 as they are now merged into coreutils-i18n.patch (see above). (coreutils.spec, coreutils-testsuite.spec) - Maintenance changes: (coreutils.spec, coreutils-testsuite.spec) * Add perl and texinfo to the build requirements as they are needed to re-generate the man pages and the texinfo documentation. * Remove already-active "-Wall" compiler option from CFLAGS variable. * Install the compressed test-suite.log into the documentation directory of the coreutils-testsuite package (section %check and %files). * Properly guard the spec sections for the coreutils and the coreutils-testsuite package. * Update patches to reflect new line numbers. OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=172
2013-01-16 20:09:57 +01:00
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Trigger a free-memory read bug in cp from coreutils-[8.11..8.19]
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
- Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1) * src/cut.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch) - Fix test-suite errors (bnc#798261). * tests/cp/fiemap-FMR: Fix path to src directory and declare require_valgrind_ function. (coreutils-cp-corrupt-fragmented-sparse.patch) * tests/misc/cut: Fix src/cut.c to properly pass output-delimiter tests. Synchronize cut.c related part of the i18n patch with Fedora's. Merge coreutils-i18n-infloop.patch into coreutils-i18n.patch. Merge coreutils-i18n-uninit.patch into coreutils-i18n.patch. In tests/misc/cut, do not replace the non-i18n error messages. (coreutils-i18n.patch) * tests/rm/ext3-perf: This test failed due to heavy parallel CPU and/or disk load because it is based on timeouts. Do not run the test-suite with 'make -jN. (coreutils.spec, coreutils-testsuite.spec) * Further spec changes: Run more tests: also run "very expensive" tests; add acl, python-pyinotify, strace and valgrind to the build requirements. Remove patch5 and patch6 as they are now merged into coreutils-i18n.patch (see above). (coreutils.spec, coreutils-testsuite.spec) - Maintenance changes: (coreutils.spec, coreutils-testsuite.spec) * Add perl and texinfo to the build requirements as they are needed to re-generate the man pages and the texinfo documentation. * Remove already-active "-Wall" compiler option from CFLAGS variable. * Install the compressed test-suite.log into the documentation directory of the coreutils-testsuite package (section %check and %files). * Properly guard the spec sections for the coreutils and the coreutils-testsuite package. * Update patches to reflect new line numbers. OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=172
2013-01-16 20:09:57 +01:00
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ cp
+
- Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1) * src/cut.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch) - Fix test-suite errors (bnc#798261). * tests/cp/fiemap-FMR: Fix path to src directory and declare require_valgrind_ function. (coreutils-cp-corrupt-fragmented-sparse.patch) * tests/misc/cut: Fix src/cut.c to properly pass output-delimiter tests. Synchronize cut.c related part of the i18n patch with Fedora's. Merge coreutils-i18n-infloop.patch into coreutils-i18n.patch. Merge coreutils-i18n-uninit.patch into coreutils-i18n.patch. In tests/misc/cut, do not replace the non-i18n error messages. (coreutils-i18n.patch) * tests/rm/ext3-perf: This test failed due to heavy parallel CPU and/or disk load because it is based on timeouts. Do not run the test-suite with 'make -jN. (coreutils.spec, coreutils-testsuite.spec) * Further spec changes: Run more tests: also run "very expensive" tests; add acl, python-pyinotify, strace and valgrind to the build requirements. Remove patch5 and patch6 as they are now merged into coreutils-i18n.patch (see above). (coreutils.spec, coreutils-testsuite.spec) - Maintenance changes: (coreutils.spec, coreutils-testsuite.spec) * Add perl and texinfo to the build requirements as they are needed to re-generate the man pages and the texinfo documentation. * Remove already-active "-Wall" compiler option from CFLAGS variable. * Install the compressed test-suite.log into the documentation directory of the coreutils-testsuite package (section %check and %files). * Properly guard the spec sections for the coreutils and the coreutils-testsuite package. * Update patches to reflect new line numbers. OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=172
2013-01-16 20:09:57 +01:00
+# Skip the current test if valgrind doesn't work,
+# which could happen if not installed,
+# or hasn't support for the built architecture,
+# or hasn't appropriate error suppressions installed etc.
+require_valgrind_()
+{
+ valgrind --error-exitcode=1 true 2>/dev/null ||
+ skip_ "requires a working valgrind"
+}
+
+require_valgrind_
+require_perl_
+: ${PERL=perl}
+
+$PERL -e 'for (1..600) { sysseek (*STDOUT, 4096, 1)' \
+ -e '&& syswrite (*STDOUT, "a" x 1024) or die "$!"}' > j || fail=1
+valgrind --quiet --error-exitcode=3 cp j j2 || fail=1
+cmp j j2 || fail=1
+
+Exit $fail
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig
+++ tests/Makefile.am
@@ -342,6 +342,7 @@ TESTS = \
cp/existing-perm-race \
cp/fail-perm \
cp/fiemap-empty \
+ cp/fiemap-FMR \
cp/fiemap-perf \
cp/fiemap-2 \
cp/file-perm-race \