#1 Crash in deallocate()

open
nobody
None
5
2013-10-30
2009-10-15
Daniel Mack
No

I recently had a reproducable segfault in dealloc() with an ext2 image.
The backtrace looked like this.

Program received signal SIGSEGV, Segmentation fault.
0x08049b32 in deallocate (b=0xb276bc08 '�' <repeats 200 times>..., item=0) at genext2fs.c:868
868 b[(item-1) / 8] &= ~(1 << ((item-1) % 8));
(gdb) bt
#0 0x08049b32 in deallocate (b=0xb276bc08 '�' <repeats 200 times>..., item=0) at genext2fs.c:868
#1 0x08049d7e in free_blk (fs=0xb1b33008, bk=0) at genext2fs.c:906
#2 0x0804a330 in walk_bw (fs=0xb1b33008, nod=621, bw=0xbf9c643c, create=0xbf9c6460, hole=0) at genext2fs.c:1026
#3 0x0804b075 in extend_blk (fs=0xb1b33008, nod=621, b=0x0, amount=-256) at genext2fs.c:1219
#4 0x0804bb96 in mkfile_fs (fs=0xb1b33008, parent_nod=615, name=0x9cd30eb "testimg.raw", mode=420, size=261120,
f=0x9cd40d0, uid=1000, gid=1000, ctime=4294967295, mtime=1253673721) at genext2fs.c:1441
#5 0x0804c7ee in add2fs_from_dir (fs=0xb1b33008, this_nod=615, squash_uids=0, squash_perms=0, fs_timestamp=4294967295,
stats=0x0) at genext2fs.c:1709
#6 0x0804c88b in add2fs_from_dir (fs=0xb1b33008, this_nod=2, squash_uids=0, squash_perms=0, fs_timestamp=4294967295,
stats=0x0) at genext2fs.c:1716
#7 0x0804e843 in populate_fs (fs=0xb1b33008, dopt=0xbf9c6980, didx=1, squash_uids=0, squash_perms=0,
fs_timestamp=4294967295, stats=0x0) at genext2fs.c:2404
#8 0x0804ef9c in main (argc=6, argv=0xbf9c6ec4) at genext2fs.c:2623

I tried to get my head around what's actually going wrong, why
free_blk() is called with bk=0 and why this can't be intended as the
code in dealloc() can't handle that as it currently stands. But I gave
up on it after awhile, as I - frankly - have no clue about the internals
of ext2. The version was 1.4.1.

I shipped around that by making the template file slightly smaller now,
so it doesn't bite anymore at the moment. It still feels wacky though,
so fixing that would certainly be better.

Can anyone she some light?

Discussion

  • Finn Thain
    Finn Thain
    2013-10-30

    Please test with latest code. If the bug is still present, please provide instructions for us to reproduce the bug.