Bug#576520: cdbackup: CRC checks fail on DVD images

Sat, 15 Jun 2024 01:33:16 -0700 

Control: tags -1 + patch

[Phil Reynolds 2010-04-05]
> When writing virtual images for later burning to DVDs, if the -C switch 
> to cdbackup is not used, the tracks in the images cannot be restored 
> using cdrestore as the CRC check fails. This applies whether the images 
> are on DVD or have been kept on a hard disc.

I wonder, could this be caused by a memory overflow in the CRC
calculating code?  If so, I propose this patch to fix it.

Description: Make sure setting and reading CRC do not work past buffer size.
 The code used to store 8 bytes in a 4 byte space, and read 8 bytes from a 4
 byte space on 64 bit platforms.  Rewrite to use int32_t to ensure only 4
 bytes are used.
Author: Petter Reinholdtsen <p...@debian.org>
Bug-Debian: https://bugs.debian.org/576520
Forwarded: no
Last-Update: 2024-06-15
---
--- cdbackup-0.7.1.orig/cdbackup.c
+++ cdbackup-0.7.1/cdbackup.c
@@ -29,6 +29,7 @@ SUCH DAMAGE.
 #include <stdlib.h>
 #include <stdio.h>
 #include <stdarg.h>
+#include <stdint.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
@@ -392,8 +393,8 @@ int backup(void)
         }
       }
     if(crc) {
-      int l=crc32(buffer,bytes+DBSIZE);
-      *((unsigned long *)(&buffer[CD_FRAMESIZE-4]))=l;
+      int32_t l=crc32(buffer,bytes+DBSIZE);
+      *((int32_t *)(&buffer[CD_FRAMESIZE-sizeof(l)]))=l;
       }
     Vwrite(buffer); grandTotal+=CD_FRAMESIZE;
     } while(db->status==0);
--- cdbackup-0.7.1.orig/cdrestore.c
+++ cdbackup-0.7.1/cdrestore.c
@@ -28,6 +28,7 @@ SUCH DAMAGE.
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <string.h>
 #include <unistd.h>
 #include <time.h>
@@ -203,8 +204,8 @@ int restore(int disktrack)
       }
 
     if(db->flags&F_CRC) {
-      int l=crc32(buffer,size+DBSIZE);
-      if(*((unsigned long *)(&buffer[CD_FRAMESIZE-4]))!=l) {
+      int32_t l=crc32(buffer,size+DBSIZE);
+      if(*((int32_t *)(&buffer[CD_FRAMESIZE-sizeof(l)]))!=l) {
         if(verbose) fprintf(stderr,"%s: bad CRC checksum at 
%lld\n",prg_name,totalRead);
         serror("Bad checksum, block corrupted, restore failed");
         }

The patch is commited to the git repo on
<URL:https://salsa.debian.org/debian/cdbackup >, but not uploaded as I could
like to know if it solve this bug first.  Are you able to test it?

-- 
Happy hacking
Petter Reinholdtsen

Reply via email to