--- /dev/null
+# HG changeset patch
+# User tytso@mit.edu
+# Date Mon Jul 4 17:53:36 2005
+# Node ID 0502b63a5be9cb490c0c9086fa05edc1b1712a78
+# parent: cfa81ec1f92f63b70060bc4340e830adc635c8c4
+[BUGFIX]: E2fsck will segfault on disconnected inode with extended attribute(s)
+
+This was actually caused by two bugs. The first bug is that if the
+inode has been fully fixed up, the code will attempt to remove the
+inode from the inode_bad_map without checking to see if this bitmap is
+present. Since it is cleared at the end of pass 2, if
+e2fsck_process_bad_inode is called in pass 4 (as it is for
+disconnected inodes), this would result in a core dump.
+
+The first bug was mostly hidden by a second bug, which caused
+e2fsck_process_bad_inode() to consider all inodes without an extended
+attribute to be not fixed.
+
+Note: This bug was introduced in e2fsprogs 1.36.
+
+(Addresses Debian Bug: #316736)
+
+
+
+--- a/e2fsck/ChangeLog Mon Jul 4 17:24:40 2005
++++ b/e2fsck/ChangeLog Mon Jul 4 17:53:36 2005
+@@ -1,3 +1,19 @@
++2005-07-04 Theodore Ts'o <tytso@mit.edu>
++
++ * pass2.c (e2fsck_process_bad_inode): Fixed bug which could cause
++ e2fsck to core dump if a disconnected inode contained an
++ extended attribute. This was actually caused by two bugs.
++ The first bug is that if the inode has been fully fixed
++ up, the code will attempt to remove the inode from the
++ inode_bad_map without checking to see if this bitmap is
++ present. Since it is cleared at the end of pass 2, if
++ e2fsck_process_bad_inode is called in pass 4 (as it is for
++ disconnected inodes), this would result in a core dump.
++ This bug was mostly hidden by a second bug, which caused
++ e2fsck_process_bad_inode() to consider all inodes without
++ an extended attribute to be not fixed. (Addresses Debian
++ Bug: #316736)
++
+ 2006-06-30 Theodore Ts'o <tytso@mit.edu>
+
+ * Release of E2fsprogs 1.38
+--- a/e2fsck/pass2.c Mon Jul 4 17:24:40 2005
++++ b/e2fsck/pass2.c Mon Jul 4 17:53:36 2005
+@@ -1184,27 +1184,29 @@
+ pctx.inode = &inode;
+
+ if (inode.i_file_acl &&
+- !(fs->super->s_feature_compat & EXT2_FEATURE_COMPAT_EXT_ATTR) &&
+- fix_problem(ctx, PR_2_FILE_ACL_ZERO, &pctx)) {
+- inode.i_file_acl = 0;
++ !(fs->super->s_feature_compat & EXT2_FEATURE_COMPAT_EXT_ATTR)) {
++ if (fix_problem(ctx, PR_2_FILE_ACL_ZERO, &pctx)) {
++ inode.i_file_acl = 0;
+ #ifdef EXT2FS_ENABLE_SWAPFS
+- /*
+- * This is a special kludge to deal with long symlinks
+- * on big endian systems. i_blocks had already been
+- * decremented earlier in pass 1, but since i_file_acl
+- * hadn't yet been cleared, ext2fs_read_inode()
+- * assumed that the file was short symlink and would
+- * not have byte swapped i_block[0]. Hence, we have
+- * to byte-swap it here.
+- */
+- if (LINUX_S_ISLNK(inode.i_mode) &&
+- (fs->flags & EXT2_FLAG_SWAP_BYTES) &&
+- (inode.i_blocks == fs->blocksize >> 9))
+- inode.i_block[0] = ext2fs_swab32(inode.i_block[0]);
++ /*
++ * This is a special kludge to deal with long
++ * symlinks on big endian systems. i_blocks
++ * had already been decremented earlier in
++ * pass 1, but since i_file_acl hadn't yet
++ * been cleared, ext2fs_read_inode() assumed
++ * that the file was short symlink and would
++ * not have byte swapped i_block[0]. Hence,
++ * we have to byte-swap it here.
++ */
++ if (LINUX_S_ISLNK(inode.i_mode) &&
++ (fs->flags & EXT2_FLAG_SWAP_BYTES) &&
++ (inode.i_blocks == fs->blocksize >> 9))
++ inode.i_block[0] = ext2fs_swab32(inode.i_block[0]);
+ #endif
+- inode_modified++;
+- } else
+- not_fixed++;
++ inode_modified++;
++ } else
++ not_fixed++;
++ }
+
+ if (!LINUX_S_ISDIR(inode.i_mode) && !LINUX_S_ISREG(inode.i_mode) &&
+ !LINUX_S_ISCHR(inode.i_mode) && !LINUX_S_ISBLK(inode.i_mode) &&
+@@ -1302,7 +1304,7 @@
+
+ if (inode_modified)
+ e2fsck_write_inode(ctx, ino, &inode, "process_bad_inode");
+- if (!not_fixed)
++ if (!not_fixed && ctx->inode_bad_map)
+ ext2fs_unmark_inode_bitmap(ctx->inode_bad_map, ino);
+ return 0;
+ }
+
projects / packages / e2fsprogs.git / commitdiff