Out of bounds write on sparse file
Issue #50
closed
Originally reported by Helg Bredow <xx404 AT msn.com> via e-mail.
Steps to reproduce
- create empty file.
- write 4096 bytes at offset 0.
- seek to 4097 bytes from start of the file.
- write one byte
Expected result
OK
Actual result
Invalid write in BigBuffer::ChunkWrapper::clearTail:
==5323== Invalid write of size 8
==5323== at 0x4C32552: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5323== by 0x114AFE: BigBuffer::ChunkWrapper::clearTail(unsigned long) (bigBuffer.cpp:151)
==5323== by 0x114401: BigBuffer::write(char const*, unsigned long, unsigned long) (bigBuffer.cpp:232)
==5323== by 0x10F980: FileNode::write(char const*, unsigned long, unsigned long) (fileNode.cpp:263)
==5323== by 0x1119AB: fusezip_write (fuse-zip.cpp:269)
==5323== by 0x4E4532F: fuse_fs_write_buf (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E454A7: ??? (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E4E6ED: ??? (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E4A99B: fuse_session_loop (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E42C67: fuse_loop (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x10B216: main (main.cpp:242)
==5323== Address 0x6581f38 is 24 bytes inside a block of size 4,096 free'd
==5323== at 0x4C2CDDB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5323== by 0x114894: BigBuffer::ChunkWrapper::~ChunkWrapper() (bigBuffer.cpp:62)
==5323== by 0x115C28: void std::_Destroy<BigBuffer::ChunkWrapper>(BigBuffer::ChunkWrapper*) (stl_construct.h:93)
==5323== by 0x115986: void std::_Destroy_aux<false>::__destroy<BigBuffer::ChunkWrapper*>(BigBuffer::ChunkWrapper*, BigBuffer::ChunkWrapper*) (stl_construct.h:103)
==5323== by 0x1151CB: void std::_Destroy<BigBuffer::ChunkWrapper*>(BigBuffer::ChunkWrapper*, BigBuffer::ChunkWrapper*) (stl_construct.h:126)
==5323== by 0x114DAE: void std::_Destroy<BigBuffer::ChunkWrapper*, BigBuffer::ChunkWrapper>(BigBuffer::ChunkWrapper*, BigBuffer::ChunkWrapper*, std::allocator<BigBuffer::ChunkWrapper>&) (stl_construct.h:151)
==5323== by 0x114EFF: std::vector<BigBuffer::ChunkWrapper, std::allocator<BigBuffer::ChunkWrapper> >::_M_erase_at_end(BigBuffer::ChunkWrapper*) (stl_vector.h:1436)
==5323== by 0x114CEE: std::vector<BigBuffer::ChunkWrapper, std::allocator<BigBuffer::ChunkWrapper> >::resize(unsigned long) (stl_vector.h:679)
==5323== by 0x1144F9: BigBuffer::truncate(unsigned long) (bigBuffer.cpp:251)
==5323== by 0x10FB8E: FileNode::truncate(unsigned long) (fileNode.cpp:294)
==5323== by 0x111A8A: fusezip_truncate (fuse-zip.cpp:299)
==5323== by 0x4E49539: ??? (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== Block was alloc'd at
==5323== at 0x4C2BBAF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5323== by 0x1148FB: BigBuffer::ChunkWrapper::ptr(bool) (bigBuffer.cpp:84)
==5323== by 0x113FAB: BigBuffer::BigBuffer(zip*, unsigned long, unsigned long) (bigBuffer.cpp:176)
==5323== by 0x10F7EB: FileNode::open() (fileNode.cpp:239)
==5323== by 0x1116AD: fusezip_open (fuse-zip.cpp:210)
==5323== by 0x4E44967: fuse_fs_open (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E44A41: ??? (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E4EF3B: ??? (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E4E5D8: ??? (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E4A99B: fuse_session_loop (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x4E42C67: fuse_loop (in /lib/x86_64-linux-gnu/libfuse.so.2.9.7)
==5323== by 0x10B216: main (main.cpp:242)
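The steps to reproduce above, written as a regression check (an added example, not code from the fuse-zip project): it performs the same write sequence, verifies that the gap reads back as zeros, and goes beyond the reported case by trying several offsets around the chunk boundary. The `CHUNK` value of 4096 is an assumption taken from the 4,096-byte block in the trace; the function and file names are hypothetical.

```python
import os
import sys
import tempfile

CHUNK = 4096  # assumption: chunk size, inferred from the 4,096-byte block in the trace


def sparse_write_check(directory, first_len=CHUNK, second_off=CHUNK + 1):
    """Write first_len bytes at offset 0, then one byte at second_off.
    Return a list of discrepancies in what reads back (empty list = OK)."""
    path = os.path.join(directory, "sparse-regress.bin")  # hypothetical file name
    head = b"A" * first_len
    fd = os.open(path, os.O_CREAT | os.O_TRUNC | os.O_RDWR, 0o600)  # empty file
    try:
        os.pwrite(fd, head, 0)            # fill from offset 0
        os.pwrite(fd, b"Z", second_off)   # one byte written past a gap
        size = os.fstat(fd).st_size
        data = os.pread(fd, size + 1, 0)
    finally:
        os.close(fd)
        os.unlink(path)
    problems = []
    if size != second_off + 1:
        problems.append(f"size {size}, expected {second_off + 1}")
    if data[:first_len] != head:
        problems.append("leading data corrupted")
    if data[first_len:second_off].strip(b"\0"):
        problems.append("gap is not zero-filled")
    if data[second_off:] != b"Z":
        problems.append("trailing byte wrong")
    return problems


def run_suite(directory):
    """Exercise gaps around the chunk boundary; the reported case is (CHUNK, CHUNK + 1)."""
    cases = [(CHUNK, CHUNK + 1), (CHUNK, 2 * CHUNK), (CHUNK - 1, CHUNK + 1),
             (CHUNK, 3 * CHUNK + 7), (1, CHUNK)]
    return {case: sparse_write_check(directory, *case) for case in cases}


if __name__ == "__main__":
    # Pass the mount point to test; defaults to a scratch directory.
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    for case, problems in run_suite(target).items():
        print(case, "OK" if not problems else problems)
```

The script only checks the data that reads back; the invalid write itself shows up in the filesystem process, so run it against a mount whose fuse-zip process is under valgrind, as in the trace above.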
Comments (5)
- reporter - edited description
- reporter - changed status to closed
  fixed out-of bound write, closes issue #50 → <<cset 5f3535b110f6>>
- reporter - changed status to resolved
- reporter - changed status to closed
  Fixed in version 0.4.3.