Opened 10 years ago

Last modified 6 years ago

#215 assigned defect

EMX ead* functions aborts with corrupted EAS

Reported by: ydario Owned by: bird
Priority: normal Milestone:
Component: libc-backend Version: 0.6.2
Severity: normal Keywords: eas


Calling _ead_read() on a file with corrupted EAS will crash the running program.

Debug shows that in src\lib\io\eadread.c the function:

static int _ead_make_gea (struct _ead_data *ead, PDENA2 pdena, void *arg)

is calling abort() for wrong name:

  if (pdena->szName[pdena->cbName] != 0)
    abort ();

Suggested fix is to return EINVAL or similar:

  if (pdena->szName[pdena->cbName] != 0)
          errno = EINVAL;
          return -1;

memory is freed by caller.

I cannot test the fix right now, but seems good to me.

Change History (5)

comment:1 Changed 9 years ago by bird

Need a testcase and/or good explanation what's going wrong here.

comment:2 Changed 9 years ago by ydario

Background: ead_* functions are used in Star backup code to deal with extended attributes (and emulate some xattr code).

In its earlier days, Samba/2 used to write bad EAS in certain conditions, so backup of such files was triggering the above abort() call.

Cleaning EAs for broken files fixed the problem on my side, but I think it is not a good idea to abort a program.

comment:3 Changed 9 years ago by bird

  • Status changed from new to assigned

comment:4 Changed 8 years ago by bird

  • Milestone changed from libc-0.6.5 to libc-0.6.6

comment:5 Changed 6 years ago by ydario

  • Milestone libc-0.6.6 deleted
Note: See TracTickets for help on using tickets.