FAQ SearchLogin
Tuxera Home
View unanswered posts | View active topics It is currently Sun Aug 18, 2019 23:14



Post new topic Reply to topic  [ 1 post ] 
Segfault in find_unnamed_attr (bug report, fuzzing) 
Author Message

Joined: Sun Sep 06, 2015 13:41
Posts: 5
Post Segfault in find_unnamed_attr (bug report, fuzzing)
I couldn't find a bugtracker for ntfs-3g/ntfsprogs, so I'm posting this here (more to come). I've been fuzzing ntfsfix and it uncovered a couple of bugs which could be potential security issues.

The attached file will make ntfsfix segfault. The error message from debugging tools (I'm mostly using address sanitizer) is not really clear on what is happening here, seems like some invalid memory access that is neither on the stack or the heap.

This is the address sanitizer stack trace:
==30454==ERROR: AddressSanitizer: SEGV on unknown address 0x619001d14f0c (pc 0x0000004e0f3b bp 0x7ffe23873020 sp 0x7ffe23872e00 T0)
#0 0x4e0f3a in find_unnamed_attr /mnt/ram/ntfs-3g_ntfsprogs-2015.3.14/ntfsprogs/ntfsfix.c:742:13
#1 0x4e0f3a in short_mft_selfloc_condition /mnt/ram/ntfs-3g_ntfsprogs-2015.3.14/ntfsprogs/ntfsfix.c:781
#2 0x4e0f3a in fix_self_located_mft /mnt/ram/ntfs-3g_ntfsprogs-2015.3.14/ntfsprogs/ntfsfix.c:1139
#3 0x4e0f3a in fix_startup /mnt/ram/ntfs-3g_ntfsprogs-2015.3.14/ntfsprogs/ntfsfix.c:1465
#4 0x4e0f3a in fix_mount /mnt/ram/ntfs-3g_ntfsprogs-2015.3.14/ntfsprogs/ntfsfix.c:1519
#5 0x4e0f3a in main /mnt/ram/ntfs-3g_ntfsprogs-2015.3.14/ntfsprogs/ntfsfix.c:1586
#6 0x7fec24e097af in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.21-r1/work/glibc-2.21/csu/libc-start.c:289
#7 0x4185f8 in _start (/tmp/ntfsfix+0x4185f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/ram/ntfs-3g_ntfsprogs-2015.3.14/ntfsprogs/ntfsfix.c:742:13 in find_unnamed_attr


Attachments:
File comment: Malformed / fuzzed ntfs filesystem causing segfault in ntfsfix
ntfsfix-segfault-find_unnamed_attr.zip [3.08 KiB]
Downloaded 1053 times
Sun Sep 06, 2015 13:57
Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Original forum style by Vjacheslav Trushkin.