Bug#1100486: Segfault with NTFS CVE fixes
B Horn
b at horn.uk
Sat Mar 15 12:28:48 GMT 2025
On 15/03/2025 07:54, Felix Zielcke wrote:
> Hi,
>
> on Debian we got a bug report with a segfault in grub-mount when we
> added the CVE fixes to it:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100470
>
> It crashes on all 3 Windows NTFS Partitions with this:
>
> Program received signal SIGSEGV, Segmentation fault.
> Download failed: Invalid argument. Continuing without source file
> ./obj/grub-pc/../../grub-core/fs/ntfs.c.
> 0x000055555557de34 in find_attr (at=at at entry=0x555555694ea0,
> attr=attr at entry=128 '\200') at ../../grub-core/fs/ntfs.c:390
> warning: 390 ../../grub-core/fs/ntfs.c: No such file or directory
>
> Line 390 is the same AFAICS on upstream grub.git and Debian packaging:
>
> while (at->attr_cur < mft_end && *at->attr_cur != 0xFF)
I posted a patch for this issue a bit ago:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00179.html
>
> I don't know what is special on their NTFS partitions. I can't
> reproduce this with my own dual-boot system.
Is your setup using secure boot? Another one of the recent patches
disabled ntfs if secure boot is active:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00073.html
More information about the Pkg-grub-devel
mailing list