From 1e9e770f4bc7f3d80e09ecd1df58575fad064163 Mon Sep 17 00:00:00 2001
From: Mike Fleetwood
Date: Sun, 28 Sep 2014 16:15:48 +0100
Subject: [PATCH] lib-fs-resize: Prevent crash resizing FAT16 file systems

Resizing FAT16 file system crashes in libparted/fs/r/fat/resize.c create_resize_context() because it was dereferencing NULL pointer fs_info->info_sector to copy the info_sector. Only FAT32 file systems have info_sector populated by fat_open() -> fat_info_sector_read(). FAT12 and FAT16 file systems don't have an info_sector so pointer fs_info->info_sector remains assigned NULL from fat_alloc(). When resizing a FAT file system create_resize_context() was always dereferencing fs_info->info_sector to memory copy the info_sector, hence it crashed for FAT12 and FAT16. Make create_resize_context() only copy the info_sector for FAT32 file systems. Reported by Christian Hesse in https://bugzilla.gnome.org/show_bug.cgi?id=735669
---
 NEWS | 4 ++++
 libparted/fs/r/fat/resize.c | 12 +++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

Index: parted-3.2/NEWS
===================================================================
--- parted-3.2.orig/NEWS
+++ parted-3.2/NEWS
@@ -160,6 +160,10 @@ GNU parted NEWS
 System partitions) or "msftres" (which sets the "Microsoft Reserved" type code).
+** Bug Fixes
+
+ libparted-fs-resize: Prevent crash resizing FAT16 file systems.
+
 * Noteworthy changes in release 3.1 (2012-03-02) [stable]
Index: parted-3.2/libparted/fs/r/fat/resize.c
===================================================================
--- parted-3.2.orig/libparted/fs/r/fat/resize.c
+++ parted-3.2/libparted/fs/r/fat/resize.c
@@ -668,11 +668,17 @@ create_resize_context (PedFileSystem* fs
 
 	/* preserve boot code, etc. */
 	new_fs_info->boot_sector = ped_malloc (new_geom->dev->sector_size);
-	new_fs_info->info_sector = ped_malloc (new_geom->dev->sector_size);
 	memcpy (new_fs_info->boot_sector, fs_info->boot_sector,
 		new_geom->dev->sector_size);
-	memcpy (new_fs_info->info_sector, fs_info->info_sector,
-		new_geom->dev->sector_size);
+	new_fs_info->info_sector = NULL;
+	if (fs_info->fat_type == FAT_TYPE_FAT32)
+	{
+		PED_ASSERT (fs_info->info_sector != NULL);
+		new_fs_info->info_sector =
+			ped_malloc (new_geom->dev->sector_size);
+		memcpy (new_fs_info->info_sector, fs_info->info_sector,
+			new_geom->dev->sector_size);
+	}
 	new_fs_info->logical_sector_size = fs_info->logical_sector_size;
 	new_fs_info->sector_count = new_geom->length;
 
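Review bot: The new FAT32 branch copies into `new_fs_info->info_sector` without checking that `ped_malloc` succeeded, so an allocation failure becomes a `memcpy` into a NULL destination instead of a clean error return; between the `ped_malloc` and the `memcpy` add `if (!new_fs_info->info_sector) goto error; /* use the function's existing allocation-failure path */`, where `error` stands for whatever label or return create_resize_context already uses for its other failed allocations. The `boot_sector` allocation two lines above has the same gap, but that line is pre-existing. Leaving `info_sector` NULL for FAT12/FAT16 is the right fix, but every later reader of `new_fs_info->info_sector` (in particular whatever writes the info sector back to disk) must now either tolerate NULL or sit behind the same `fs_info->fat_type == FAT_TYPE_FAT32` test — worth confirming, since those call sites are not in this hunk. `PED_ASSERT` presumably reports rather than unconditionally aborts, in which case the assertion alone does not keep execution from reaching the `memcpy` with a NULL source, so a plain `if (fs_info->info_sector != NULL)` guard would be the more defensive form. create_resize_context's head and tail lie outside the hunk.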