[PATCH] mkfs.ubifs: Fix heap corruption on LEB overrun
Artem Bityutskiy
dedekind1 at gmail.com
Thu Sep 23 09:06:09 EDT 2010
On Wed, 2010-09-22 at 16:01 -0700, Kevin Cernekee wrote:
> If max_leb_cnt (-c option) is set too low, set_lprops() will corrupt
> the heap and may result in a scary looking crash:
>
> $ bin/mkfs.ubifs -U -r romfs -o ubifs.img -m 512 -e 15360 -c 39
> Error: max_leb_cnt too low (241 needed)
> *** glibc detected *** bin/mkfs.ubifs: double free or corruption (!prev): 0x088fe070 ***
> ======= Backtrace: =========
> /lib32/libc.so.6(+0x6c231)[0xf75fb231]
> /lib32/libc.so.6(+0x6dab8)[0xf75fcab8]
> /lib32/libc.so.6(cfree+0x6d)[0xf75ffb9d]
> bin/mkfs.ubifs[0x804e801]
> bin/mkfs.ubifs[0x804e94b]
> bin/mkfs.ubifs[0x804e99d]
> /lib32/libc.so.6(__libc_start_main+0xe6)[0xf75a5bd6]
> bin/mkfs.ubifs(__fxstat64+0x55)[0x80491e1]
> ======= Memory map: ========
Pushed, thanks.
--
Best Regards,
Artem Bityutskiy (Артём Битюцкий)
More information about the linux-mtd
mailing list