Bug#519172: [jbowler@acm.org: RE: Test images for Debian lenny rc2 available]
Background analysis:
----- Forwarded message from John Bowler <jbowler@acm.org> -----
From: John Bowler <jbowler@acm.org>
Reply-To: jbowler@acm.org
Subject: RE: Test images for Debian lenny rc2 available
Date: Mon, 9 Mar 2009 15:51:57 -0700
To: 'Marc Singer' <elf@buici.com>
Cc: 'Rod Whitby' <rod@whitby.id.au>, 'Martin Michlmayr' <tbm@cyrius.com>
X-Mailer: Microsoft Office Outlook 12.0
X-Originating-IP: 74.32.171.36
From: Marc Singer [mailto:elf@buici.com]
>I don't think I ever did that. The two SLUGs that I've been using
>both have FFs in the SysConf. Could it be the case that because I
>never ran the Linksys FW, the sysconf was never written?
Yes, I'm pretty sure that's the case.
One other mystery is that devio is outputting that particular error.
0xffffffff is going to cause an arithmetic overflow in my version of devio,
because it calculates <current-offset>+number, which will end up being '3'.
This is a bug in devio - mtd_readbytes should compare the number of bytes
(unsigned) against size_mtd(pfile)-pfile->useroffset (a calculation
guaranteed not to overflow, given that useroffset will always be <=
size_mtd.)
That bug would hide the error in the handling of an uninitialized version of
SysConf. The bug would not happen if your OS has a 64 bit file system (if
at least one of off_t and size_t is 64 bits). (devio arithmetic is all
unsigned.)
I'm looking at line 65 of /etc/init.0/sysconfsetup, if you're still using
that, and it says (on my very old Slug):
devio "<<$sysdev" cpb fb1,10 | {horrible sed command}
I think that all it needs to do is check the length first:
devio "<<$sysdev" '!? b$4->' && devio "<<$sysdev" cpb fb1,10 |
{horrible sed command}
I.e. check the length to ensure it is not greater than the device length-4.
John Bowler <jbowler@acm.org>
----- End forwarded message -----
--
Martin Michlmayr
http://www.cyrius.com/
Reply to: