Subject: Re: fsck problems
To: None <apana-lists-os-netbsd-general@apana.org.au>
From: Andrew Herbert <andrew@werple.apana.org.au>
List: current-users
Date: 07/28/1994 01:13:26
barrett@daisy.ee.und.ac.za (Alan Barrett) writes:

>I have been having trouble with fsck for several weeks now.  My root
>partition is in a state that the current fsck is unable to fix, and I
...
>I tried running fsck under gdb, and at the point where the SIGSEGV
>occurs, gdb becomes unable to display a traceback, which leads me to
>suspect that the stack is getting clobbered.

I was having some fun with a segfaulting fsck a week ago.  The stack was
being clobbered as you note above.  I tracked down the bug for my particular
flavour of mangled filesystem to be in dirscan():

dirscan(idesc)  
        register struct inodesc *idesc;
{
...
        char dbuf[DIRBLKSIZ]; 
...
        for (dp = fsck_readdir(idesc); dp != NULL; dp = fsck_readdir(idesc)) {
                dsize = dp->d_reclen;
                bcopy((char *)dp, dbuf, (size_t)dsize);

As dsize is not being bounds checked, and particularly nasty mangling can
result in dsize > DIRBLKSIZ, there is a problem.  Any comments on what the
correct return value or other action would be for this out-of-bounds
condition?  return (SKIP), perhaps?

Andrew
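The following is an added example written for this archive page; it is not
code from the message above nor from the NetBSD fsck_ffs source.  It shows the
bounds check that the bcopy() in dirscan() is missing, applied to a
constructed directory block.  Everything in it is an assumption for
illustration: the simplified struct direct layout (8-byte header followed by
the name), DIRBLKSIZ = 512, the helper names (read_hdr, reclen_ok, scan_block,
scan_demo), and the choice to treat a bad d_reclen as SKIP for the rest of the
block rather than continuing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define DIRBLKSIZ  512      /* FFS directory block size (assumed here) */
#define DIRECT_HDR 8        /* d_ino(4) d_reclen(2) d_type(1) d_namlen(1) */

/* Simplified 4.4BSD directory record header.  The layout is an assumption
 * for this example; the real one is struct direct in <ufs/ufs/dir.h>. */
struct direct {
    uint32_t d_ino;
    uint16_t d_reclen;      /* record length read from disk: untrusted */
    uint8_t  d_type;
    uint8_t  d_namlen;
};

/* Bytes a record needs for header, name and NUL, rounded up to 4. */
#define DIRSIZ_FOR(namlen) ((DIRECT_HDR + (namlen) + 1 + 3) & ~(size_t)3)

/* Decode the header with memcpy so alignment/aliasing never matter. */
static void read_hdr(const unsigned char *p, struct direct *d)
{
    memcpy(&d->d_ino, p, 4);
    memcpy(&d->d_reclen, p + 4, 2);
    d->d_type = p[6];
    d->d_namlen = p[7];
}

/* The check dirscan() lacks: is d_reclen sane for the space left in the
 * block?  Zero and misaligned lengths are rejected too; zero would make the
 * fsck_readdir() loop spin in place. */
static int reclen_ok(const struct direct *d, size_t remaining)
{
    size_t reclen = d->d_reclen;
    if (reclen == 0 || (reclen & 3) != 0)
        return 0;
    if (reclen > remaining)           /* remaining <= DIRBLKSIZ, so dbuf fits */
        return 0;
    if (reclen < DIRSIZ_FOR(d->d_namlen))
        return 0;
    return 1;
}

/* Walk one block the way dirscan() does, checking before the copy into the
 * DIRBLKSIZ-byte stack buffer.  Returns records copied; *skipped is set to 1
 * when a mangled record is hit and the rest of the block is abandoned. */
static int scan_block(const unsigned char *blk, size_t blklen, int *skipped)
{
    char dbuf[DIRBLKSIZ];
    struct direct d;
    size_t off = 0;
    int copied = 0;

    *skipped = 0;
    if (blklen > DIRBLKSIZ)
        blklen = DIRBLKSIZ;
    while (off + DIRECT_HDR <= blklen) {
        read_hdr(blk + off, &d);
        if (!reclen_ok(&d, blklen - off)) {
            /* the unchecked original does bcopy(dp, dbuf, d_reclen) here */
            *skipped = 1;
            return copied;
        }
        memcpy(dbuf, blk + off, d.d_reclen);   /* dirscan()'s copy, now safe */
        copied++;
        off += d.d_reclen;
    }
    return copied;
}

/* Write one record into a constructed block (sample data, not a real disk). */
static void put_entry(unsigned char *p, uint32_t ino, uint16_t reclen, const char *name)
{
    uint8_t namlen = (uint8_t)strlen(name);
    memcpy(p, &ino, 4);
    memcpy(p + 4, &reclen, 2);
    p[6] = 0;
    p[7] = namlen;
    memcpy(p + DIRECT_HDR, name, namlen + 1);
}

/* Constructed block: ".", "..", then "lost", whose d_reclen normally covers
 * the rest of the block (488).  Pass another value to mangle it. */
static int scan_demo(uint16_t last_reclen, int *skipped)
{
    unsigned char blk[DIRBLKSIZ];
    memset(blk, 0, sizeof blk);
    put_entry(blk,      2, 12, ".");
    put_entry(blk + 12, 2, 12, "..");
    put_entry(blk + 24, 3, last_reclen, "lost");
    return scan_block(blk, sizeof blk, skipped);
}

int records_copied(uint16_t last_reclen)  { int s; return scan_demo(last_reclen, &s); }
int records_skipped(uint16_t last_reclen) { int s; scan_demo(last_reclen, &s); return s; }

int main(void)
{
    printf("good block:      %d copied, %d skipped\n", records_copied(488), records_skipped(488));
    printf("d_reclen=0xffff: %d copied, %d skipped\n", records_copied(0xffff), records_skipped(0xffff));
    printf("d_reclen=0:      %d copied, %d skipped\n", records_copied(0), records_skipped(0));
    return 0;
}
```

With d_reclen = 0xffff the original bcopy() would write 65535 bytes into a
512-byte automatic array, which is the clobbered stack Alan describes; the
checked version copies the two good records and stops.  A too-short but
aligned d_reclen (e.g. 100) passes the check, and the scan then lands on the
zero padding and stops there instead, so the check alone does not repair the
directory, it only keeps fsck on its feet long enough to report it.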
