Bug#478401: Segment fault on grub-probe
Isaac M. Marcos
isaacmarcos100010 at gmail.com
Fri May 16 21:58:40 UTC 2008
On Wednesday 07 May 2008 10:03:08 Robert Millan wrote:
> On Tue, May 06, 2008 at 11:02:20PM -0430, Isaac M. Marcos wrote:
> > > > Program received signal SIGSEGV, Segmentation fault.
> > > > 0x0000000000421b7c in grub_lvm_scan_device (name=0x638210 "hd1,5")
> > > > at /home/immf/grub2-1.96+20080429/disk/lvm.c:305
> > > > 305 while (*q != ' ')
> > >
> > > Please try:
> > >
> > > print q
> > > print metadatabuf
> > > print rlocn->offset
> >
> > (gdb) run -t device /
> > Starting program: /usr/sbin/grub-probe -t device /
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x0000000000421b7c in grub_lvm_scan_device (name=0x638210 "hd1,5")
> > at /home/immf/grub2-1.96+20080429/disk/lvm.c:305
> > 305 while (*q != ' ')
> > (gdb) print q
> > $1 = 0x78b000 <Address 0x78b000 out of bounds>
> > (gdb) print metadatabuf
> > $2 = 0x73ba00 "?N\203\220 LVM2 x[5A%r0N*>\001" # the ? symbol is a 0x00
> > (gdb) print rlocn->offset
> > $3 = 92672
>
> Looks like rlocn->offset is messed up. Maybe it's mdah->raw_locns fault,
> or maybe on its own ground.
>
> In either case, I'm not sure what we're supposed to do about it. Applying
> a heuristic to rlocn->offset isn't good...
>
> Please could you bring this to upstream (grub-devel at gnu.org)? Maybe
> someone with a better understanding of this code can help.
> 2008/5/16 Pavel Roskin:
>
> > (gdb) print mda_size
> > $1 = 192512
>
> OK, we have something interesting here. mda_size is 192512 (0x2f000).
> rlocn->offset is 92672 (0x16a00). But (q - metadatabuf) is 325120
> (0x4f600). So, the initial value of q was within the buffer, but the
> value that caused the segfault was outside the buffer.
>
> It means that GRUB could not find any space character in the buffer and
> kept scanning until it hit unallocated space. I believe it's not valid
> LVM metadata.
>
> > # pvck /dev/sda6
> > Device /dev/sda6 not found (or ignored by filtering).
>
> So, it's not an LVM physical volume.
>
> > /dev/sda6 3397 6561 25422831 fd Linux raid autodetect
>
> It's a RAID partition. I guess RAID partitions have a different layout.
>
> The fix would be to reject RAID partitions in grub_lvm_scan_device().
> The only validity check in that function is presence of the LVM label in
> the first 4 sectors. Perhaps additional checks are needed.
Looks like the LVM checking needs to include some functions from "pvck", or
include a check for RAID disks before going to LVM.
--
Isaac M. Marcos
GPG key 0xC9045C1B
5633 ECAF 44B1 8A5D 9371 DCDA 4620 A016 C904 5C1B
The only place success comes before work is in the dictionary.
VINCE LOMBARDI
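The failure mode Pavel Roskin works out above is a scan for a space character that starts inside the metadata buffer but has nothing to stop it at the buffer's end, so on a partition that is not LVM (here a RAID member) it walks into unmapped memory. The C below is an added example, not GRUB's disk/lvm.c: it models the loop the backtrace places at line 305 and puts a bounded check beside it. The names metadatabuf, mda_size and rlocn->offset come from the thread; the buffer contents and the demo_* functions are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not GRUB code. It models the scan that the backtrace in
 * this thread places at disk/lvm.c:305 ("while (*q != ' ')"): q starts at
 * metadatabuf + rlocn->offset and advances until a space is found. Both the
 * offset and the bytes it points at are read from disk, so neither can be
 * trusted to terminate the loop inside the mda_size-byte buffer.
 */

/*
 * Bounded replacement for the scan. Returns the index of the first ' ' at
 * or after `offset` inside the `mda_size`-byte metadata area, or -1 when the
 * offset is already outside the area or no space occurs before its end.
 * A -1 result means "not valid LVM2 metadata": the caller should stop
 * probing this device instead of continuing past the buffer.
 */
long lvm_find_space(const unsigned char *metadatabuf, size_t mda_size,
                    size_t offset)
{
    if (metadatabuf == NULL || offset >= mda_size)
        return -1;                 /* rlocn->offset itself is untrusted */
    for (size_t i = offset; i < mda_size; i++)
        if (metadatabuf[i] == ' ')
            return (long)i;
    return -1;                     /* the unbounded loop would overrun here */
}

/*
 * Constructed metadata area holding LVM2-style text. The text begins at
 * offset 16 and its first space follows "vg0", so the scan stops at 19.
 */
long demo_valid_metadata(void)
{
    unsigned char buf[64];
    const char *text = "vg0 {\nid = \"CONSTRUCTED\"\nseqno = 1\n";

    memset(buf, 0, sizeof buf);
    memcpy(buf + 16, text, strlen(text));
    return lvm_find_space(buf, sizeof buf, 16);
}

/*
 * Constructed stand-in for the RAID member in the thread: the bytes after
 * the offset contain no space at all, so the original loop would keep
 * reading past the buffer. The bounded scan reports -1 instead.
 */
long demo_raid_member(void)
{
    unsigned char buf[64];

    memset(buf, 0xfd, sizeof buf);
    return lvm_find_space(buf, sizeof buf, 32);
}

/* An offset at or beyond mda_size is rejected before any byte is read. */
long demo_bad_offset(void)
{
    unsigned char buf[64];

    memset(buf, ' ', sizeof buf);
    return lvm_find_space(buf, sizeof buf, sizeof buf);
}

int main(void)
{
    printf("valid metadata: space at %ld\n", demo_valid_metadata());
    printf("raid member:    %ld (reject, not LVM)\n", demo_raid_member());
    printf("bad offset:     %ld (reject, not LVM)\n", demo_bad_offset());
    return 0;
}
```

With the numbers from the thread, mda_size is 192512 and the fault happened at q - metadatabuf = 325120, so the original loop had already read 132608 bytes past the end of the buffer before hitting an unmapped page. The bounded scan returns -1 as soon as the index reaches 192512, and grub_lvm_scan_device() can then treat the partition as not LVM, which matches what pvck reports for that RAID member.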