[BUG] fat_write: crash in set_start_cluster()
Heinrich Schuchardt
xypron.glpk at gmx.de
Tue Nov 10 12:57:07 CET 2020
I just fixed one bug in EFI_FILE_PROTOCOL.SetInfo(), cf.
[PATCH 1/1] efi_loader: incorrect buffer size in efi_file_setinfo()
https://lists.denx.de/pipermail/u-boot/2020-November/432480.html
With this patch applied, when running the UEFI SCT test GetInfoFunction
on sandbox_defconfig on aarch64, a crash occurs in set_start_cluster()
because dentptr is NULL. This happens when trying to create a new file
with a long name in the root directory.
│ 697 /*
│ 698 * Set start cluster in directory entry
│ 699 */
│ 700 static void set_start_cluster(const fsdata *mydata, dir_entry *dentptr,
│ 701 __u32 start_cluster)
│ 702 {
│ 703 if (mydata->fatsize == 32)
│ 704 dentptr->starthi =
│ 705 cpu_to_le16((start_cluster & 0xffff0000) >> 16);
│ >706 dentptr->start = cpu_to_le16(start_cluster & 0xffff);
│ 707 }
Program received signal SIGSEGV, Segmentation fault.
0x0000aaaaaab83418 in fill_dentry (
mydata=<optimized out>,
start_cluster=0,
attr=32 ' ',
size=0,
filename=0x1553f421 "BBTestGetInfoBasicTestCheckpoint3_File_92",
dentptr=0x0)
at fs/fat/fat_write.c:706
(gdb) p dentptr
$1 = (dir_entry *) 0x0
called via
>1195 fill_dentry(itr->fsdata, itr->dent, filename, 0, size, 0x20);
>563 ret = info->write(filename, buf, offset, len, actwrite);
After running only the GetInfoFunctionTest up to the crash the file
system is already heavily corrupted:
Orphaned long file name part "Sct.log"
Orphaned long file name part "verbose.mode"
Orphaned long file name part "[abc123]][()].Aa [b"
Orphaned long file name part "[abc123]][()].Aa [b"
Orphaned long file name part "BBTestGetInfoBasicTestCheckpoint3_File_92"
/BBTestGetInfoBasicTestCheckpoint3_File_0
80 Duplicate directory entries
Orphaned long file name part "TestCase.ini"
Orphaned long file name part "Summary.log"
...
So there seem to be multiple bugs in our FAT file system related to long
file names.
Best regards
Heinrich
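As an added example (not code from this report or from U-Boot), a hardened counterpart to set_start_cluster() that returns an error for the NULL dentptr seen in the backtrace instead of dereferencing it, and checks the little-endian split of a FAT32 start cluster across starthi and start. fsdata, dir_entry, cpu_to_le16 and the probe functions are reduced stand-ins, and the FAT12/16 range check is an assumption added here.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed stand-ins for U-Boot's fsdata and dir_entry, reduced to the fields
 * set_start_cluster() touches; both cluster halves are little-endian on disk. */
typedef struct { int fatsize; } fsdata;
typedef struct {
	uint16_t starthi;	/* high 16 bits of the first cluster, FAT32 only */
	uint16_t start;		/* low 16 bits of the first cluster */
} dir_entry;

/* Host to little-endian 16-bit swap (its own inverse), so the byte check
 * below also holds on a big-endian host. */
static uint16_t cpu_to_le16(uint16_t v)
{
	const uint16_t probe = 1;
	return *(const uint8_t *)&probe ? v : (uint16_t)((v << 8) | (v >> 8));
}

/* Hardened variant: rejects a NULL entry (the report's crash) instead of
 * dereferencing it, and rejects a cluster number FAT12/16 cannot store. */
static int set_start_cluster_checked(const fsdata *mydata, dir_entry *dentptr,
				     uint32_t start_cluster)
{
	if (!dentptr)
		return -EINVAL;	/* caller never obtained a free directory slot */
	if (mydata->fatsize == 32)
		dentptr->starthi = cpu_to_le16((start_cluster & 0xffff0000) >> 16);
	else if (start_cluster > 0xffff)
		return -ERANGE;	/* FAT12/16 have no starthi: it would truncate */
	dentptr->start = cpu_to_le16(start_cluster & 0xffff);
	return 0;
}

/* Probes: return code of a set, and whether FAT32 on-disk bytes match. */
int probe_set(int fatsize, uint32_t cluster, int use_null)
{
	fsdata fs = { fatsize }; dir_entry d = { 0, 0 };
	return set_start_cluster_checked(&fs, use_null ? NULL : &d, cluster);
}
int probe_disk_bytes(void)
{
	fsdata fs = { 32 }; dir_entry d = { 0, 0 };
	const uint8_t want[4] = { 0x34, 0x12, 0x78, 0x56 }; /* 0x12345678 */
	set_start_cluster_checked(&fs, &d, 0x12345678u);
	return memcmp(&d, want, sizeof want) == 0;
}
```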