[Bug 1342255] Re: `malloc(): corrupted unsorted chunks 2` after copying data from hfsplus partition with cp

Phillip Susi psusi at ubuntu.com
Mon Nov 10 19:41:13 UTC 2014 

** Package changed: gparted (Ubuntu) => parted (Ubuntu)

** Changed in: parted (Ubuntu)
       Status: Confirmed => In Progress

** Changed in: parted (Ubuntu)
     Assignee: (unassigned) => Phillip Susi (psusi)

** Summary changed:

- `malloc(): corrupted unsorted chunks 2` after copying data from hfsplus partition with cp
+ SRU: fix parted memory corruption crash

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to parted in Ubuntu.
https://bugs.launchpad.net/bugs/1342255

Title:
  SRU: fix parted memory corruption crash

Status in “parted” package in Ubuntu:
  In Progress

Bug description:
  [Impact]

  Parted, and tools that depend on it like gparted, crash or have other
  errant behavior due to memory corruption.

  [Test Case]

  Create a fat16 partition and use gparted to resize it.

  [Regression Potential]
  Minimal: patch just fixes the code to check for a null pointer and avoid dereferencing it.

  [Other Info]

  Mike Fleetwood discovered a memory corruption error in parted while
  investigating a crash report against upstream gparted.  The fix has
  been applied to the upstream parted git repo and needs cherry picked
  to our parted release in 14.04.

  Patch notes:

      lib-fs-resize: Prevent crash resizing FAT16 file systems

      Resizing FAT16 file system crashes in libparted/fs/r/fat/resize.c
      create_resize_context() because it was dereferencing NULL pointer
      fs_info->info_sector to copy the info_sector.

      Only FAT32 file systems have info_sector populated by fat_open() ->
      fat_info_sector_read().  FAT12 and FAT16 file systems don't have an
      info_sector so pointer fs_info->info_sector remains assigned NULL from
      fat_alloc().  When resizing a FAT file system create_resize_context()
      was always dereferencing fs_info->info_sector to memory copy the
      info_sector, hence it crashed for FAT12 and FAT16.

      Make create_resize_context() only copy the info_sector for FAT32 file
      systems.

      Reported by Christian Hesse in
      https://bugzilla.gnome.org/show_bug.cgi?id=735669

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/parted/+bug/1342255/+subscriptions

More information about the foundations-bugs mailing list