[Bug 1342255] Re: SRU: fix parted memory corruption crash

Launchpad Bug Tracker 1342255 at bugs.launchpad.net
Fri Mar 27 06:28:51 UTC 2015 

This bug was fixed in the package parted - 3.2-7

---------------
parted (3.2-7) unstable; urgency=medium


  [ Phillip Susi ]
  * Cherry pick upstream patch to fix a crash when resizing fat16
    (LP: #1342255).

  [ Colin Watson ]
  * Drop libparted2's alternative Suggests on nparted, which has not been in
    Debian for a decade or so.

 -- Colin Watson <cjwatson at debian.org>  Thu, 19 Mar 2015 10:58:55 +0000

** Changed in: parted (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to parted in Ubuntu.
https://bugs.launchpad.net/bugs/1342255

Title:
  SRU: fix parted memory corruption crash

Status in parted package in Ubuntu:
  Fix Released
Status in parted source package in Trusty:
  New

Bug description:
  [Impact]

  Parted, and tools that depend on it like gparted, crash or have other
  errant behavior due to memory corruption.

  [Test Case]

  Create a fat16 partition and use gparted to resize it.

  [Regression Potential]
  Minimal: patch just fixes the code to check for a null pointer and avoid dereferencing it.

  [Other Info]

  Mike Fleetwood discovered a memory corruption error in parted while
  investigating a crash report against upstream gparted.  The fix has
  been applied to the upstream parted git repo and needs cherry picked
  to our parted release in 14.04.

  Patch notes:

      lib-fs-resize: Prevent crash resizing FAT16 file systems

      Resizing FAT16 file system crashes in libparted/fs/r/fat/resize.c
      create_resize_context() because it was dereferencing NULL pointer
      fs_info->info_sector to copy the info_sector.

      Only FAT32 file systems have info_sector populated by fat_open() ->
      fat_info_sector_read().  FAT12 and FAT16 file systems don't have an
      info_sector so pointer fs_info->info_sector remains assigned NULL from
      fat_alloc().  When resizing a FAT file system create_resize_context()
      was always dereferencing fs_info->info_sector to memory copy the
      info_sector, hence it crashed for FAT12 and FAT16.

      Make create_resize_context() only copy the info_sector for FAT32 file
      systems.

      Reported by Christian Hesse in
      https://bugzilla.gnome.org/show_bug.cgi?id=735669

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/parted/+bug/1342255/+subscriptions

More information about the foundations-bugs mailing list