bug-grub

[bug #51188] FPE (division by zero) in grub_ext2_read_inode()


From: Kamil Frankowicz
Subject: [bug #51188] FPE (division by zero) in grub_ext2_read_inode()
Date: Tue, 6 Jun 2017 07:00:15 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0

URL:
  <http://savannah.gnu.org/bugs/?51188>

                 Summary: FPE (division by zero) in grub_ext2_read_inode()
                 Project: GNU GRUB
            Submitted by: fumfel
            Submitted on: Tue 06 Jun 2017 11:00:13 AM UTC
                Category: Filesystem
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: other
         Reproducibility: Every Time
         Planned Release: None

    _______________________________________________________

Details:

While fuzzing radare2 I found an FPE in the function grub_ext2_read_inode().

Original issue with repro: https://github.com/radare/radare2/issues/7650

ASAN from r2:

==10375==ERROR: AddressSanitizer: FPE on unknown address 0x7fb2f4af4726 (pc
0x7fb2f4af4726 bp 0x7fff41d52850 sp 0x7fff41d52720 T0)
    #0 0x7fb2f4af4725 in grub_ext2_read_inode
XYZ/radare2/shlr/grub/fs/ext2.c:525:29
    #1 0x7fb2f4af2ce4 in grub_ext2_mount
XYZ/radare2/shlr/grub/fs/ext2.c:593:3
    #2 0x7fb2f4af19ac in grub_ext2_dir XYZ/radare2/shlr/grub/fs/ext2.c:863:10
    #3 0x7fb2f4ad2c58 in ext2__mount
XYZ/radare2/libr/fs/p/fs_grub_base.c:74:8
    #4 0x7fb2f4addeaa in r_fs_mount XYZ/radare2/libr/fs/fs.c:151:7
    #5 0x7fb2f7ef996b in cmd_mount XYZ/radare2/libr/core/./cmd_mount.c:49:9
    #6 0x7fb2f80be7df in r_cmd_call XYZ/radare2/libr/core/cmd_api.c:226:10
    #7 0x7fb2f7faddeb in r_core_cmd_subst_i
XYZ/radare2/libr/core/cmd.c:2178:12
    #8 0x7fb2f7ef6127 in r_core_cmd_subst XYZ/radare2/libr/core/cmd.c:1368:9
    #9 0x7fb2f7eef8b9 in r_core_cmd XYZ/radare2/libr/core/cmd.c:2786:9
    #10 0x7fb2f7eda74f in r_core_cmdf XYZ/radare2/libr/core/cmd.c:2942:8
    #11 0x7fb2f8098e42 in bin_info XYZ/radare2/libr/core/cbin.c:621:4
    #12 0x7fb2f8098e42 in r_core_bin_info XYZ/radare2/libr/core/cbin.c:2870
    #13 0x7fb2f8089531 in r_core_bin_set_env
XYZ/radare2/libr/core/cbin.c:115:3
    #14 0x7fb2f8015064 in r_core_file_do_load_for_io_plugin
XYZ/radare2/libr/core/file.c:434:2
    #15 0x7fb2f8015064 in r_core_bin_load XYZ/radare2/libr/core/file.c:567
    #16 0x55e7cf695f6b in main XYZ/radare2/binr/radare2/radare2.c:952:14
    #17 0x7fb2f0bae82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x55e7cf5c5f38 in _start (/usr/local/bin/radare2+0x20f38)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE XYZ/radare2/shlr/grub/fs/ext2.c:525:29 in
grub_ext2_read_inode
==10375==ABORTING




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51188>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/



