Bug 4730 - Integer overflow in util-linux/mkfs-minix.c
Summary: Integer overflow in util-linux/mkfs-minix.c
Status: RESOLVED FIXED
Alias: None
Product: Busybox
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: PC Linux
: P5 minor
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-24 01:02 UTC by Abhijit Hoskeri
Modified: 2013-03-18 01:31 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Abhijit Hoskeri 2012-01-24 01:02:44 UTC 
There is an integer overflow in get_size() function for block devices greater than 4G in size, which results in failure to create the minix filesystem. 

This failure happens only for block devices, which go down the BLKGETSIZE path, and not for normal files.

Eg.,


$ stat /tmp/a
  File: `/tmp/a'
  Size: 4294967297	Blocks: 1408       IO Block: 4096   regular file
Device: 801h/2049d	Inode: 213866      Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/ abhijit)   Gid: ( 1000/ abhijit)
Access: 2012-01-23 13:56:34.000000000 -0800
Modify: 2012-01-23 13:56:26.000000000 -0800
Change: 2012-01-23 13:56:26.000000000 -0800

$ busybox mkfs.minix /tmp/a
21856 inodes
65535 blocks
Firstdatazone=696 (696)
Zonesize=1024
Maxsize=268966912

$ sudo losetup -a
/dev/loop0: [0801]:213866 (/tmp/a)

$ sudo busybox mkfs.minix /dev/loop0
mkfs.minix: must have at least 10 blocks

This is on a 32bit linux system, with busybox built from latest git.

This problem can be worked around by passing the size in kbytes from the command line.
Comment 1 Denys Vlasenko 2013-03-18 01:31:40 UTC 
Fixed in git:

commit 7c6f2d4207e11ca60964132deb3bd1c4cb583aba
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date:   Mon Mar 18 02:26:58 2013 +0100

    mkfs_minix: use get_volume_size_in_bytes instead of local version