Bug#1100470: Segfault with NTFS CVE fixes

Marta Lewandowska mlewando at redhat.com
Mon Mar 17 09:36:09 GMT 2025 

You're not the only ones who have bugs reported... we're got one and Arch
as well. I sent this email to the list a week ago; I don't know where it
got lost...

---
Hi,

This patch also fixes an issue introduced by the original patch involving
dual booting: grub-mount seg faults when trying to mount an ntfs volume,
e.g., when grub-mkconfig is run. There are bugs for this on fedora [1] and
arch [2], so further review of this patch is really appreciated!

thanks!
marta

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2350327
[2]
https://gitlab.archlinux.org/archlinux/packaging/packages/grub/-/issues/11


On Sat, Mar 15, 2025 at 3:14 PM Eric Valette <eric.valette at gmail.com> wrote:

> On 15/03/2025 08:54, Felix Zielcke wrote:
> > Hi,
> >
> > on Debian we got a bug report with a segfault in grub-mount when we
> > added the CVE fixes to it:
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100470
> >
> > It crashes on all 3 Windows NTFS Partitions with this:
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > Download failed: Invalid argument.  Continuing without source file
> > ./obj/grub-pc/../../grub-core/fs/ntfs.c.
> > 0x000055555557de34 in find_attr (at=at at entry=0x555555694ea0,
> >       attr=attr at entry=128 '\200') at ../../grub-core/fs/ntfs.c:390
> > warning: 390    ../../grub-core/fs/ntfs.c: No such file or directory
> >
> > Line 390 is the same AFAICS on upstream grub.git and Debian packaging:
> >
> > while (at->attr_cur < mft_end && *at->attr_cur != 0xFF)
> >
> > I don't know what is special on their NTFS partitions. I can't
> > reproduce this with my own dual-boot system.
> >
> Just for the record :
>
>      1) NTFS fs have been created using W10 or W11 tools,
>
>      2) I did run from windows cmd line  chkdsk /r /x /f on one of the
> three NTFS fs triggering the problem,
>
>      3) no error found
>
>      4) But it still segfault,
>
> --
> Eric Valette
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel at gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20250317/120d4d3c/attachment.htm>

More information about the Pkg-grub-devel mailing list