Re: fsck segfaults on rpi3 running 13-stable (and on 14-CURRENT analyzing the same file system that resulted from the 13-STABLE crash)
- Reply: John-Mark Gurney : "Re: fsck segfaults on rpi3 running 13-stable (and on 14-CURRENT analyzing the same file system that resulted from the 13-STABLE crash)"
- In reply to: Mark Millard : "Re: fsck segfaults on rpi3 running 13-stable (and on 14-CURRENT analyzing the same file system that resulted from the 13-STABLE crash)"
Date: Tue, 14 Feb 2023 16:14:15 UTC
> On Feb 13, 2023, at 15:25, John-Mark Gurney <jmg@funkthat.com> wrote:
>
[huge snip]
> > Ok, decided to run AFL on fsck, and this one was the first crash it
> > discovered. The problem is that ctime can return NULL, and the return
> > value isn't checked, because it then immediately does &p[4] which
> > results is printf and friends being passed 0x4.
> >
> > Simple test program that demonstrates this problem:
> > #include <time.h>
> > #include <stdio.h>
> >
> > int
> > main()
> > {
> > const char *p;
> > time_t t;
> >
> > t = -5098919203113507862;
> >
> > p = ctime(&t);
> >
> > printf("MTIME=%12.12s %4.4s ", &p[4], &p[20]);
> >
> > return 0;
> > }
> >
> > I'm not sure what the correct fix is for when times are wildly out of
> > valid range.
> >
Is this a demonstration that the fsck segfault can be reproduced
independently of my particular corrupt filesystem? AFL is new to me.
Thanks for reading,
bob prohaska
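For readers following the thread: the quoted test program shows the failure mode (ctime returns NULL for a time_t whose year does not fit in tm_year, and &p[4] then turns that NULL into the pointer 0x4 that printf dereferences). The following is an added example, not code from either poster nor from fsck, of the same formatting step written with the conversion checked first. It uses gmtime_r and strftime instead of ctime so the output does not depend on the local timezone; the function name format_mtime and the fallback text are assumptions chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/*
 * Produce "MTIME=Mmm dd hh:mm yyyy", the same fields the quoted fsck printf
 * extracts from ctime's "Www Mmm dd hh:mm:ss yyyy" string, but only after
 * verifying the conversion succeeded. Returns 0 on success and -1 when the
 * timestamp is not representable; in that case buf gets a labelled raw value
 * instead of the result of dereferencing a NULL-derived pointer.
 * (Added example, not fsck's code; gmtime_r is used in place of ctime so the
 * result is timezone independent.)
 */
int
format_mtime(time_t t, char *buf, size_t buflen)
{
	struct tm tm;

	/* gmtime_r, like ctime/localtime, returns NULL (errno EOVERFLOW) when
	 * the year does not fit in an int; the quoted program never checks. */
	if (gmtime_r(&t, &tm) == NULL) {
		snprintf(buf, buflen, "MTIME=<out of range: %lld>", (long long)t);
		return -1;
	}
	/* strftime returns 0 if the formatted string does not fit in buf. */
	if (strftime(buf, buflen, "MTIME=%b %e %H:%M %Y", &tm) == 0) {
		if (buflen > 0)
			buf[0] = '\0';
		return -1;
	}
	return 0;
}

int
main(void)
{
	char buf[64];
	/* The value from the quoted mail; needs a 64-bit time_t to hold it. */
	time_t bad = (time_t)-5098919203113507862LL;
	time_t good = 0;

	if (format_mtime(bad, buf, sizeof(buf)) < 0)
		printf("rejected: %s\n", buf);
	if (format_mtime(good, buf, sizeof(buf)) == 0)
		printf("ok: %s\n", buf);
	return 0;
}
```

With the wildly negative value the function reports failure and prints the raw seconds count, whereas the original reaches printf with the invalid pointer; with a sane time it prints the expected "MTIME=Jan  1 00:00 1970" for the epoch.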