Debian Bug report logs - #368969
rounding error causes generation of invalid filesystems

Package: squashfs-tools; Maintainer for squashfs-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for squashfs-tools is src:squashfs-tools.

Reported by: Scott James Remnant <scott@ubuntu.com>

Date: Fri, 26 May 2006 12:33:02 UTC

Severity: critical

Tags: patch, upstream

Found in version squashfs-tools/1:2.2r2-2ubuntu2

Fixed in version squashfs/1:3.0-5

Done: Arnaud Fontaine <arnaud@andesi.org>

Bug is archived. No further changes may be made.

Forwarded to phillip@lougher.demon.co.uk


Report forwarded to debian-bugs-dist@lists.debian.org, Arnaud Fontaine <arnaud@andesi.org>:
Bug#368969; Package squashfs-tools.


Acknowledgement sent to Scott James Remnant <scott@ubuntu.com>:
New Bug report received and forwarded. Copy sent to Arnaud Fontaine <arnaud@andesi.org>.


Message #5 received at submit@bugs.debian.org:

From: Scott James Remnant <scott@ubuntu.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: rounding error causes generation of invalid filesystems
Date: Fri, 26 May 2006 13:00:54 +0100
Package: squashfs-tools
Version: 1:2.2r2-2ubuntu2
Severity: critical
Tags: patch

Justification: causes the kernel to PANIC on an attempt to read from the
generated filesystem (unrelated package to break); and vital indexes are
lost so data in the generated filesystem cannot be retrieved (data loss)


Attached is a patch to correct a rounding error in the generation of the
fragment table indexes of generated squashfs filesystems.  If the number
of fragments divides evenly into the size of each fragment table chunk
then the code believes that there are 0 bytes available in the buffer
rather than 8192 bytes.

This results in code being unable to obtain the final part of the
fragment index, making the files inaccessible and, due to insufficient
sanity checking in the kernel code, causing the kernel to PANIC.

I've also sent this patch upstream, who has verified that it is correct
and there is indeed a bug here.  Note that although the patch is against
2.2r2, the difference is small enough that it will apply successfully to
3.0

Scott
-- 
Scott James Remnant
scott@ubuntu.com
[squashfs-2.2r2.save-the-installer.patch (text/x-patch, inline)]
diff -ruNp squashfs-2.2r2~/squashfs-tools/mksquashfs.c squashfs-2.2r2/squashfs-tools/mksquashfs.c
--- squashfs-2.2r2~/squashfs-tools/mksquashfs.c	2006-05-26 03:13:44.000000000 +0100
+++ squashfs-2.2r2/squashfs-tools/mksquashfs.c	2006-05-26 03:25:33.000000000 +0100
@@ -942,7 +942,7 @@ unsigned int write_fragment_table()
 	}
 
 	for(i = 0; i < meta_blocks; i++) {
-		int avail_bytes = i == meta_blocks - 1 ? frag_bytes % SQUASHFS_METADATA_SIZE : SQUASHFS_METADATA_SIZE;
+		int avail_bytes = i == meta_blocks - 1 ? frag_bytes - SQUASHFS_METADATA_SIZE * i : SQUASHFS_METADATA_SIZE;
 		c_byte = mangle(cbuffer + block_offset, buffer + i * SQUASHFS_METADATA_SIZE , avail_bytes, SQUASHFS_METADATA_SIZE, noF, 0);
 		if(!swap)
 			memcpy(cbuffer, &c_byte, sizeof(unsigned short));
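Review bot: The new last-block expression in the `avail_bytes` line is only correct if `meta_blocks` is the rounded-up number of SQUASHFS_METADATA_SIZE chunks in `frag_bytes`, and that computation sits outside this hunk. The old `frag_bytes % SQUASHFS_METADATA_SIZE` produced 0 for an exact multiple; to keep a similar slip from passing silently again, check that `avail_bytes` is greater than 0 and no larger than SQUASHFS_METADATA_SIZE before it is handed to `mangle()`, and add a short comment saying the last block takes the remainder. The line is also long enough that splitting the conditional over two lines would make the two cases easier to read.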
[signature.asc (application/pgp-signature, inline)]
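
The rounding error described in the report above, worked through as an added example (not code from the report or from squashfs-tools). The helper names, the rounded-up chunk count in `meta_blocks_for` and the sample sizes are assumptions made for illustration; the two `avail_*` expressions are the ones in the patch.

```c
#include <stdio.h>

#define SQUASHFS_METADATA_SIZE 8192 /* chunk size quoted in the report */

/* Assumption: the chunk count is frag_bytes rounded up to whole chunks. */
static int meta_blocks_for(int frag_bytes)
{
    return (frag_bytes + SQUASHFS_METADATA_SIZE - 1) / SQUASHFS_METADATA_SIZE;
}

/* Bytes taken for chunk i before the patch: modulo on the last chunk. */
static int avail_old(int frag_bytes, int i)
{
    return i == meta_blocks_for(frag_bytes) - 1
        ? frag_bytes % SQUASHFS_METADATA_SIZE : SQUASHFS_METADATA_SIZE;
}

/* Bytes taken for chunk i after the patch: whatever is left over. */
static int avail_new(int frag_bytes, int i)
{
    return i == meta_blocks_for(frag_bytes) - 1
        ? frag_bytes - SQUASHFS_METADATA_SIZE * i : SQUASHFS_METADATA_SIZE;
}

/* Total bytes written across all chunks, or -1 if any chunk
 * is empty or larger than one metadata block. */
static int table_bytes_emitted(int frag_bytes, int (*avail)(int, int))
{
    int total = 0;
    for (int i = 0; i < meta_blocks_for(frag_bytes); i++) {
        int n = avail(frag_bytes, i);
        if (n <= 0 || n > SQUASHFS_METADATA_SIZE)
            return -1;
        total += n;
    }
    return total;
}

int main(void)
{
    /* Constructed table sizes: partial chunk, exact multiples, one past. */
    int sizes[] = { 8, 8192, 8200, 16384, 24576 };
    for (unsigned k = 0; k < sizeof sizes / sizeof sizes[0]; k++)
        printf("frag_bytes=%5d old=%6d new=%6d\n", sizes[k],
               table_bytes_emitted(sizes[k], avail_old),
               table_bytes_emitted(sizes[k], avail_new));
    return 0;
}
```

A result of -1 marks a table whose last chunk would be written empty; with the patched expression the total always equals `frag_bytes`.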

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#368969; Package squashfs-tools.


Acknowledgement sent to Arnaud Fontaine <arnaud@andesi.org>:
Extra info received and forwarded to list.


Message #10 received at 368969@bugs.debian.org:

From: Arnaud Fontaine <arnaud@andesi.org>
To: Scott James Remnant <scott@ubuntu.com>
Cc: 368969@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#368969: rounding error causes generation of invalid filesystems
Date: Fri, 26 May 2006 15:25:33 +0200
tags 368969 + upstream
thanks

Hello,

If this bug isn't solved soon by the upstream author, I will add this patch
to debian/patches.  Thanks for your report.

Regards,
Arnaud Fontaine



Tags added: upstream Request was from Arnaud Fontaine <arnaud@andesi.org> to control@bugs.debian.org.


Noted your statement that Bug has been forwarded to phillip@lougher.demon.co.uk. Request was from Arnaud Fontaine <arnaud@andesi.org> to control@bugs.debian.org.


Tags added: pending Request was from Arnaud Fontaine <arnaud@andesi.org> to control@bugs.debian.org.


Reply sent to Arnaud Fontaine <arnaud@andesi.org>:
You have taken responsibility.


Notification sent to Scott James Remnant <scott@ubuntu.com>:
Bug acknowledged by developer.


Message #21 received at 368969-close@bugs.debian.org:

From: Arnaud Fontaine <arnaud@andesi.org>
To: 368969-close@bugs.debian.org
Subject: Bug#368969: fixed in squashfs 1:3.0-5
Date: Sun, 04 Jun 2006 09:25:55 -0700
Source: squashfs
Source-Version: 1:3.0-5

We believe that the bug you reported is fixed in the latest version of
squashfs, which is due to be installed in the Debian FTP archive:

squashfs-modules-2.6-486_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6-486_3.0-5_i386.deb
squashfs-modules-2.6-686-smp_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6-686-smp_3.0-5_i386.deb
squashfs-modules-2.6-686_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6-686_3.0-5_i386.deb
squashfs-modules-2.6-k7-smp_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6-k7-smp_3.0-5_i386.deb
squashfs-modules-2.6-k7_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6-k7_3.0-5_i386.deb
squashfs-modules-2.6.16-2-486_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6.16-2-486_3.0-5_i386.deb
squashfs-modules-2.6.16-2-686-smp_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6.16-2-686-smp_3.0-5_i386.deb
squashfs-modules-2.6.16-2-686_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6.16-2-686_3.0-5_i386.deb
squashfs-modules-2.6.16-2-k7-smp_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6.16-2-k7-smp_3.0-5_i386.deb
squashfs-modules-2.6.16-2-k7_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-modules-2.6.16-2-k7_3.0-5_i386.deb
squashfs-source_3.0-5_all.deb
  to pool/main/s/squashfs/squashfs-source_3.0-5_all.deb
squashfs-tools_3.0-5_i386.deb
  to pool/main/s/squashfs/squashfs-tools_3.0-5_i386.deb
squashfs_3.0-5.diff.gz
  to pool/main/s/squashfs/squashfs_3.0-5.diff.gz
squashfs_3.0-5.dsc
  to pool/main/s/squashfs/squashfs_3.0-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 368969@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arnaud Fontaine <arnaud@andesi.org> (supplier of updated squashfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Wed, 31 May 2006 18:16:18 +0200
Source: squashfs
Binary: squashfs-modules-2.6-parisc64-smp squashfs-modules-2.6.16-2-sb1a-bcm91480b squashfs-modules-2.6-s3c2410 squashfs-modules-2.6.16-2-hp squashfs-modules-2.6.16-2-686-smp squashfs-modules-2.6.16-2-r4k-ip22 squashfs-modules-2.6.16-2-amiga squashfs-modules-2.6-mvme147 squashfs-modules-2.6-itanium squashfs-modules-2.6-sparc64-smp squashfs-modules-2.6.16-2-ixp4xx squashfs-modules-2.6.16-2-rpc squashfs-modules-2.6.16-2-parisc64 squashfs-source squashfs-modules-2.6-alpha-legacy squashfs-modules-2.6-sparc64 squashfs-modules-2.6-amd64-k8-smp squashfs-modules-2.6.16-2-powerpc squashfs-modules-2.6.16-2-s3c2410 squashfs-modules-2.6-sparc32 squashfs-modules-2.6-amd64-generic squashfs-modules-2.6-686 squashfs-tools squashfs-modules-2.6.16-2-amd64-generic squashfs-modules-2.6-sb1-bcm91250a squashfs-modules-2.6-mckinley squashfs-modules-2.6.16-2-alpha-generic squashfs-modules-2.6.16-2-powerpc64 squashfs-modules-2.6.16-2-k7 squashfs-modules-2.6.16-2-q40 squashfs-modules-2.6.16-2-mvme147 squashfs-modules-2.6.16-2-s390x squashfs-modules-2.6.16-2-powerpc-miboot squashfs-modules-2.6.16-2-parisc squashfs-modules-2.6-k7-smp squashfs-modules-2.6-footbridge squashfs-modules-2.6.16-2-sparc64 squashfs-modules-2.6.16-2-486 squashfs-modules-2.6-s390x squashfs-modules-2.6-alpha-smp squashfs-modules-2.6-powerpc64 squashfs-modules-2.6-rpc squashfs-modules-2.6.16-2-r5k-ip32 squashfs-modules-2.6-parisc squashfs-modules-2.6-amiga squashfs-modules-2.6-q40 squashfs-modules-2.6.16-2-atari squashfs-modules-2.6-powerpc-miboot squashfs-modules-2.6.16-2-r5k-cobalt squashfs-modules-2.6.16-2-mckinley-smp squashfs-modules-2.6.16-2-alpha-legacy squashfs-modules-2.6-bvme6000 squashfs-modules-2.6-s390 squashfs-modules-2.6.16-2-alpha-smp squashfs-modules-2.6-mckinley-smp squashfs-modules-2.6.16-2-s390 squashfs-modules-2.6-itanium-smp squashfs-modules-2.6-powerpc squashfs-modules-2.6.16-2-sb1-bcm91250a squashfs-modules-2.6-alpha-generic squashfs-modules-2.6.16-2-nslu2 squashfs-modules-2.6-486 
squashfs-modules-2.6.16-2-amd64-k8-smp squashfs-modules-2.6.16-2-mckinley squashfs-modules-2.6-powerpc-smp squashfs-modules-2.6.16-2-amd64-k8 squashfs-modules-2.6.16-2-footbridge squashfs-modules-2.6.16-2-itanium squashfs-modules-2.6-ixp4xx squashfs-modules-2.6.16-2-em64t-p4 squashfs-modules-2.6.16-2-sparc64-smp squashfs-modules-2.6-mvme16x squashfs-modules-2.6-r4k-ip22 squashfs-modules-2.6-686-smp squashfs-modules-2.6-parisc64 squashfs-modules-2.6.16-2-itanium-smp squashfs-modules-2.6.16-2-bvme6000 squashfs-modules-2.6-mac squashfs-modules-2.6.16-2-mac squashfs-modules-2.6.16-2-mvme16x squashfs-modules-2.6.16-2-sparc32 squashfs-modules-2.6-sun3 squashfs-modules-2.6.16-2-686 squashfs-modules-2.6-parisc-smp squashfs-modules-2.6-amd64-k8 squashfs-modules-2.6-r5k-ip32 squashfs-modules-2.6.16-2-em64t-p4-smp squashfs-modules-2.6.16-2-parisc-smp squashfs-modules-2.6-em64t-p4 squashfs-modules-2.6-nslu2 squashfs-modules-2.6-r5k-cobalt squashfs-modules-2.6-k7 squashfs-modules-2.6-atari squashfs-modules-2.6.16-2-parisc64-smp squashfs-modules-2.6-em64t-p4-smp squashfs-modules-2.6-sb1a-bcm91480b squashfs-modules-2.6.16-2-sun3 squashfs-modules-2.6-hp squashfs-modules-2.6.16-2-powerpc-smp squashfs-modules-2.6.16-2-k7-smp
Architecture: source i386 all
Version: 1:3.0-5
Distribution: unstable
Urgency: low
Maintainer: Arnaud Fontaine <arnaud@andesi.org>
Changed-By: Arnaud Fontaine <arnaud@andesi.org>
Description: 
 squashfs-modules-2.6-486 - Squash filesystem module for 486-class machines
 squashfs-modules-2.6-686 - Squash filesystem module for PPro/Celeron/PII/PIII/P4 machines
 squashfs-modules-2.6-686-smp - Squash filesystem module for PPro/Celeron/PII/PIII/P4 SMP machine
 squashfs-modules-2.6-k7 - Squash filesystem module for AMD K7 machines
 squashfs-modules-2.6-k7-smp - Squash filesystem module for AMD K7 SMP machines
 squashfs-modules-2.6.16-2-486 - Squash filesystem module for Linux 2.6.16-2-486
 squashfs-modules-2.6.16-2-686 - Squash filesystem module for Linux 2.6.16-2-686
 squashfs-modules-2.6.16-2-686-smp - Squash filesystem module for Linux 2.6.16-2-686-smp
 squashfs-modules-2.6.16-2-k7 - Squash filesystem module for Linux 2.6.16-2-k7
 squashfs-modules-2.6.16-2-k7-smp - Squash filesystem module for Linux 2.6.16-2-k7-smp
 squashfs-source - Source for the squash filesystem
 squashfs-tools - Tool to create and append to squashfs filesystems
Closes: 368969 369522
Changes: 
 squashfs (1:3.0-5) unstable; urgency=low
 .
   * debian/control* and debian/rules:
     + Bumped linux kernel version number to 2.6.16-2.
       Closes: #369522.
 .
   * debian/patches/03-mksquashfs.dpatch:
     + Fix rounding error which causes generation of invalid
       filesystems.  Thanks to Scott James Remnant
       <scott@ubuntu.com>. Closes: #368969.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 09:52:36 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jan 13 18:44:53 2018; Machine Name: buxtehude
