Re: fsck segfaults on rpi3 running 13-stable (and on 14-CURRENT analyzing the same file system that resulted from the 13-STABLE crash)
- Reply: John-Mark Gurney : "Re: fsck segfaults on rpi3 running 13-stable (and on 14-CURRENT analyzing the same file system that resulted from the 13-STABLE crash)"
- In reply to: Mark Millard : "Re: fsck segfaults on rpi3 running 13-stable (and on 14-CURRENT analyzing the same file system that resulted from the 13-STABLE crash)"
Date: Tue, 14 Feb 2023 16:14:15 UTC
> On Feb 13, 2023, at 15:25, John-Mark Gurney <jmg@funkthat.com> wrote:
> [huge snip]
> > Ok, decided to run AFL on fsck, and this one was the first crash it
> > discovered.  The problem is that ctime can return NULL, and the return
> > value isn't checked, because it then immediately does &p[4] which
> > results in printf and friends being passed 0x4.
> >
> > Simple test program that demonstrates this problem:
> > #include <time.h>
> > #include <stdio.h>
> >
> > int
> > main()
> > {
> > 	const char *p;
> > 	time_t t;
> >
> > 	t = -5098919203113507862;
> >
> > 	p = ctime(&t);
> >
> > 	printf("MTIME=%12.12s %4.4s ", &p[4], &p[20]);
> >
> > 	return 0;
> > }
> >
> > I'm not sure what the correct fix is for when times are wildly out of
> > valid range.
>
>

Is this a demonstration that the fsck segfault can be reproduced independently of my particular corrupt filesystem?

AFL is new to me.

Thanks for reading,

bob prohaska
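One way to close the hole John-Mark's test program demonstrates, added here as an example that is neither fsck's code nor anything posted in this thread: check what ctime() returns before indexing into it, and fall back to printing the raw seconds when the timestamp cannot be converted. The names format_mtime and mtime_string are chosen for this example, and it assumes a 64-bit time_t so the value from the thread fits.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hardened version of the MTIME formatting discussed in the thread:
 * ctime() returns NULL when the time_t cannot be converted (for
 * example, when the year does not fit in an int), and the original
 * code computed &p[4] on that NULL, handing printf() the address 0x4.
 *
 * Returns 1 when ctime() succeeded, 0 when the fallback was used.
 * format_mtime is a name chosen for this example, not an fsck API. */
int format_mtime(time_t t, char *out, size_t outlen)
{
	const char *p = ctime(&t);

	if (p == NULL) {
		/* Out-of-range timestamp: report the raw seconds instead of
		 * crashing; garbage inode fields are what fsck exists to find. */
		snprintf(out, outlen, "MTIME=%lld (out of range) ", (long long)t);
		return 0;
	}
	/* ctime() layout is "Www Mmm dd hh:mm:ss yyyy\n": p[4] starts the
	 * month and p[20] the year, as in the original format string. */
	snprintf(out, outlen, "MTIME=%12.12s %4.4s ", &p[4], &p[20]);
	return 1;
}

static char mtime_buf[64];

/* Convenience wrapper returning a static buffer (not thread-safe). */
const char *mtime_string(time_t t)
{
	format_mtime(t, mtime_buf, sizeof mtime_buf);
	return mtime_buf;
}

int main(void)
{
	/* The value AFL turned up in the thread, and a sane one for contrast. */
	time_t bad = (time_t)-5098919203113507862LL;
	time_t ok = 800000000;

	printf("%s\n", mtime_string(bad));
	printf("%s\n", mtime_string(ok));
	return 0;
}
```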