[Bug 257768] Corrupt UDF disk image can cause crash when mounted.

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 27 Jul 2023 23:08:32 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257768

John Baldwin <jhb@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|fs@FreeBSD.org              |jhb@FreeBSD.org
                 CC|                            |jhb@FreeBSD.org

--- Comment #3 from John Baldwin <jhb@FreeBSD.org> ---
Thanks for the report.  I have a UDF-specific fix at
https://reviews.freebsd.org/D41220.

However, I somewhat worry that bread*() and getblk() have no checks for
negative sizes in general, and struct buf is full of signed fields for lengths
(b_bcount, b_length, b_kvasize) that really should all be unsigned I think.  I
think the code effectively treats the values as unsigned in practice, but there
might be some subtle bugs due to the signed lengths.

-- 
You are receiving this mail because:
You are the assignee for the bug.