| Summary: | fsck_msdosfs: Integer overflow in checksize() for files close to 4GiB in size on 32-bit platform | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Xin LI <delphij> |
| Component: | bin | Assignee: | Xin LI <delphij> |
| Status: | Closed FIXED | | |
| Severity: | Affects Some People | CC: | emaste |
| Priority: | --- | | |
| Version: | CURRENT | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Xin LI
2020-09-22 20:02:24 UTC
(In reply to Xin LI from comment #0)
I agree with your comments in the Android review

A commit references this bug:

Author: delphij
Date: Wed Sep 23 06:52:23 UTC 2020
New revision: 366064
URL: https://svnweb.freebsd.org/changeset/base/366064

Log:
  sbin/fsck_msdosfs: Fix an integer overflow on 32-bit platforms.

  The purpose of checksize() is to verify that the referenced cluster
  chain size matches the recorded file size (up to 2^32 - 1) in the
  directory entry. We follow the cluster chain, then multiply the
  cluster count by bytes per cluster to get the physical size, then
  check it against the recorded size.

  When a file is close to 4 GiB (between 4GiB - cluster size and 4GiB,
  both non-inclusive), the product of cluster count and bytes per
  cluster would be exactly 4 GiB. On 32-bit systems, because size_t
  is 32-bit, this would wrap back to 0, which will cause the file to be
  truncated to 0.

  Fix this by using 64-bit physicalSize instead.

  This fix is inspired by an Android change request at
  https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/1428461

  PR: 249533
  Reviewed by: kevlo
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D26524

Changes:
  head/sbin/fsck_msdosfs/dir.c
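
The wraparound described in the commit log above, reproduced as an added example (not the FreeBSD code). `uint32_t` stands in for a 32-bit `size_t`, the function names and sample values are hypothetical, and the truncate-when-shorter rule is a simplified model of the check as the log describes it.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-fix arithmetic: the product is computed in 32 bits (as with a
 * 32-bit size_t), so it is reduced modulo 2^32. */
static uint32_t physical_size_32(uint32_t clusters, uint32_t cluster_bytes)
{
    return clusters * cluster_bytes;
}

/* Post-fix arithmetic: widen one operand first so the product is 64-bit. */
static uint64_t physical_size_64(uint32_t clusters, uint32_t cluster_bytes)
{
    return (uint64_t)clusters * cluster_bytes;
}

/* Simplified model of the size check (an assumption based on the log):
 * if the cluster chain is shorter than the recorded size, the recorded
 * size is cut down to the physical size; otherwise it is kept. */
static uint32_t checked_size_32(uint32_t recorded, uint32_t clusters,
                                uint32_t cluster_bytes)
{
    uint32_t physical = physical_size_32(clusters, cluster_bytes);
    return physical < recorded ? physical : recorded;
}

static uint32_t checked_size_64(uint32_t recorded, uint32_t clusters,
                                uint32_t cluster_bytes)
{
    uint64_t physical = physical_size_64(clusters, cluster_bytes);
    return physical < recorded ? (uint32_t)physical : recorded;
}

int main(void)
{
    /* Constructed sample: 32 KiB clusters, chain of 131072 clusters
     * (131072 * 32768 = 2^32), file size inside the last cluster. */
    const uint32_t cluster_bytes = 32768, clusters = 131072;
    const uint32_t recorded = UINT32_MAX - 100;

    printf("32-bit product: %u -> size kept: %u\n",
           (unsigned)physical_size_32(clusters, cluster_bytes),
           (unsigned)checked_size_32(recorded, clusters, cluster_bytes));
    printf("64-bit product: %llu -> size kept: %u\n",
           (unsigned long long)physical_size_64(clusters, cluster_bytes),
           (unsigned)checked_size_64(recorded, clusters, cluster_bytes));
    return 0;
}
```

Only chains whose byte length is exactly 2^32 hit the wrap; a shorter chain gives the same result in both versions.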