Bug#474931: grub-common: update-grub segfaults

Sami Liedes sliedes at cc.hut.fi
Sun Apr 20 20:20:56 UTC 2008 

package grub-common
retitle 474931 grub-probe: crash on invalid LVM partition
found 474931 1.96+20080413-1
thanks

On Thu, Apr 10, 2008 at 10:12:53AM +0200, Robert Millan wrote:
> This could mean that your LVM is corrupt, or that our LVM logic is
> incomplete. Unfortunately I don't have the time to review that, but
> I improved the parser to make it more robust, failing safely when
> problems like this one arise. This fixes the issue at hand (using
> grub-probe in update-grub). Please, could you try the attached patch
> and report your results?

Sorry, I was traveling and had no access to the computer with the
problem.

I assume your patch has been incorporated into 1.96+20080413-1. It
still crashes. You might be right about the corruption though.
pvdisplay shows it as a "new physical volume", the same way it shows
my /boot partition for some reason. Looks like some leftover partition
that once had LVM content but now has experienced some bit rot or
something and is no longer part of anything (luckily?).

The problem is still the same, one grub_strstr() that you missed:

------------------------------------------------------------
# gdb --args grub-probe -t device sda
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) r
Starting program: /usr/sbin/grub-probe -t device sda

Program received signal SIGSEGV, Segmentation fault.
0x000000000040590d in grub_memmove (dest=0x7fff8fc357b0, src=0x6, n=37) at /home/sliedes/rec/grub2-1.96+20080413/kern/misc.c:43
43              *--d = *--s;
(gdb) bt
#0  0x000000000040590d in grub_memmove (dest=0x7fff8fc357b0, src=0x6, n=37) at /home/sliedes/rec/grub2-1.96+20080413/kern/misc.c:43
#1  0x000000000042155c in grub_lvm_scan_device (name=0x19a80c0 "hd0,3") at /home/sliedes/rec/grub2-1.96+20080413/disk/lvm.c:317
#2  0x0000000000404511 in iterate_partition (disk=0x19a8010, partition=0x7fff8fc35ec0) at /home/sliedes/rec/grub2-1.96+20080413/kern/device.c:132
#3  0x000000000041e689 in pc_partition_map_iterate (disk=0x19a8010, hook=0x7fff8fc3607f) at /home/sliedes/rec/grub2-1.96+20080413/partmap/pc.c:153
#4  0x00000000004080ff in grub_partition_iterate (hook=0x7fff8fc3607f) at /home/sliedes/rec/grub2-1.96+20080413/kern/partition.c:126
#5  0x00000000004045a5 in iterate_disk (disk_name=0x7fff8fc35fd0 "hd0") at /home/sliedes/rec/grub2-1.96+20080413/kern/device.c:101
#6  0x0000000000401e2b in call_hook (hook=0x7fff8fc36068, drive=128) at /home/sliedes/rec/grub2-1.96+20080413/util/biosdisk.c:132
#7  0x0000000000401e60 in grub_util_biosdisk_iterate (hook=0x7fff8fc36068) at /home/sliedes/rec/grub2-1.96+20080413/util/biosdisk.c:141
#8  0x00000000004049f5 in grub_disk_dev_iterate (hook=0x7fff8fc36068) at /home/sliedes/rec/grub2-1.96+20080413/kern/disk.c:205
#9  0x0000000000404464 in grub_device_iterate (hook=0x42120c <grub_lvm_scan_device>) at /home/sliedes/rec/grub2-1.96+20080413/kern/device.c:138
#10 0x0000000000421dc2 in grub_mod_init (mod=0x0) at /home/sliedes/rec/grub2-1.96+20080413/disk/lvm.c:569
#11 0x0000000000421daa in grub_lvm_init () at /home/sliedes/rec/grub2-1.96+20080413/disk/lvm.c:567
#12 0x0000000000422f7d in grub_init_all () at grub_probe_init.c:45
#13 0x0000000000401cb5 in main (argc=4, argv=0x7fff8fc36228) at /home/sliedes/rec/grub2-1.96+20080413/util/grub-probe.c:356
(gdb) up
#1  0x000000000042155c in grub_lvm_scan_device (name=0x19a80c0 "hd0,3") at /home/sliedes/rec/grub2-1.96+20080413/disk/lvm.c:317
317       grub_memcpy (vg_id, p, GRUB_LVM_ID_STRLEN);
(gdb) l
312
313       grub_memcpy (vgname, p, vgname_len);
314       vgname[vgname_len] = '\0';
315
316       p = grub_strstr (q, "id = \"") + sizeof ("id = \"") - 1;
317       grub_memcpy (vg_id, p, GRUB_LVM_ID_STRLEN);
318       vg_id[GRUB_LVM_ID_STRLEN] = '\0';
319
320       for (vg = vg_list; vg; vg = vg->next)
321         {
(gdb) print p
$1 = 0x6 <Address 0x6 out of bounds>
(gdb)
------------------------------------------------------------

	Sami
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-grub-devel/attachments/20080420/9e8990b6/attachment.pgp

More information about the Pkg-grub-devel mailing list