On Tue, Jan 08, 2019 at 10:40:55AM +0100, Frank Scheiner wrote:
> On 1/7/19 22:13, John Paul Adrian Glaubitz wrote:
> > On 1/7/19 10:09 PM, Frank Scheiner wrote:
> > > Program received signal SIGSEGV, Segmentation fault.
> > > 0x0000000100034be4 in hfs_swap_HFSBTInternalNode (src=0x7fffffffd3a8,
> > > fcb=0x100081898, direction=kSwapBTNodeBigToHost) at hfs_endian.c:883
> > > 883 hfs_endian.c: No such file or directory.
> >
> > I think the debugging process would be more verbose if the
> > debugging was done in-tree of the hfsprogs source code.
>
> Oh, overlooked that part yesterday evening. Did that now:
>
> ```
> root@powermac-g5:~/hfsprogs/hfsprogs-332.25# gdb --args ./fsck_hfs.tproj/fsck_hfs -d /dev/sda2
> GNU gdb (Debian 8.2-1) 8.2
> [...]
> Reading symbols from ./fsck_hfs.tproj/fsck_hfs...done.
> (gdb) run
> Starting program: /root/hfsprogs/hfsprogs-332.25/fsck_hfs.tproj/fsck_hfs -d /dev/sda2
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/powerpc64-linux-gnu/libthread_db.so.1".
> ** /dev/sda2
> Using cacheBlockSize=32K cacheTotalBlock=1024 cacheSize=32768K.
> ** Checking HFS volume.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000100034be4 in hfs_swap_HFSBTInternalNode (src=0x7fffffffd2f8,
> fcb=0x100081898, direction=kSwapBTNodeBigToHost) at hfs_endian.c:883
> 883 nextRecord = (char *)src->buffer + srcOffs[i-1];
> ```
Given i starts as 0 in the loop in hfs_endian.c, then i-1 would be 0-1, which is not nice when i is a uint32. Newer versions of the code from Apple (hfs 407.200.4) have changed the definition of i to int32, which at least means 0-1 is -1 rather than a very, very large number that is likely to be out of bounds of memory.

-- 
Len Sorensen
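The index arithmetic discussed in this thread, as an added illustration that is not hfsprogs or Apple code: a constructed stand-in for the node buffer and its record offset table (the struct, NODE_SIZE, the sample offsets and the function names are all assumptions made for the example) shows what `srcOffs[i-1]` evaluates to for i == 0 with a uint32 versus an int32 index, and a bounds-checked variant that refuses the lookup instead of landing outside the table in either direction.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define NODE_SIZE 512u      /* constructed node size for the example */
#define MAX_RECORDS 8       /* constructed table capacity */

/* Constructed model of a B-tree node: a byte buffer and a record offset
 * table with numRecords valid entries. Layout is illustrative only. */
struct node {
    uint8_t  buffer[NODE_SIZE];
    uint16_t srcOffs[MAX_RECORDS];
    uint32_t numRecords;
};

/* Index that srcOffs[i-1] evaluates to when i is uint32_t: for i == 0 the
 * subtraction wraps modulo 2^32, so the lookup is ~4 billion entries (about
 * 8 GiB of uint16_t) past the table. */
uint64_t offs_index_u32(uint32_t i)
{
    return (uint64_t)(i - 1u);
}

/* Same expression with int32_t i: -1 for i == 0. Still outside the table,
 * just one entry before it rather than gigabytes after it. */
int64_t offs_index_i32(int32_t i)
{
    return (int64_t)(i - 1);
}

/* Bounds-checked lookup (an added check, not the upstream change): only
 * succeeds when i-1 is a valid table index and the stored offset lies
 * inside the node buffer. Returns SIZE_MAX on rejection. */
size_t prev_record_offset(const struct node *n, uint32_t i)
{
    if (i == 0 || i > n->numRecords)
        return SIZE_MAX;                 /* srcOffs[i-1] does not exist */
    uint16_t off = n->srcOffs[i - 1];
    if (off >= NODE_SIZE)
        return SIZE_MAX;                 /* offset would leave the buffer */
    return off;
}

/* Constructed sample node: three records at offsets 14, 40 and 96. */
static struct node make_sample_node(void)
{
    struct node n = {0};
    n.srcOffs[0] = 14;
    n.srcOffs[1] = 40;
    n.srcOffs[2] = 96;
    n.numRecords = 3;
    return n;
}

/* Offset of the record preceding record i in the sample node, or SIZE_MAX. */
size_t sample_prev_offset(uint32_t i)
{
    struct node n = make_sample_node();
    return prev_record_offset(&n, i);
}

/* Run the loop over the sample node from index `start` and count how many
 * iterations the checked lookup rejects. Starting at 0 rejects exactly the
 * first iteration, which is the one that crashed fsck_hfs above. */
unsigned sample_rejected_iterations(uint32_t start)
{
    struct node n = make_sample_node();
    unsigned rejected = 0;
    for (uint32_t i = start; i < n.numRecords; i++) {
        if (prev_record_offset(&n, i) == SIZE_MAX)
            rejected++;
    }
    return rejected;
}
```

The signed index only shrinks the distance of the bad access; a loop that evaluates `srcOffs[i-1]` must either start at 1 or guard the i == 0 case explicitly, and offsets read from on-disk metadata should be range-checked against the node size before being added to the buffer pointer.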