LineageOS/android_external_gptfdisk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ANDROID: Fix negative stack write in sgdisk

Browse Source 
A maliciously formatted USB or SD Card device when inserted into an Android device could crash sgdisk. This crash occurs because sgdisk does does not validate the number of cyclic partitions, which leads to an integer underflow ultimately causing a negative indexed stack write.

Fix this by making sure the number of partitions don't go negative.

After the fix, sgdisk detects the broken GPT and partitions it correctly

Author: jasrajb@google.com
Bug: 158063095
Test: before fix, sgdisk crashed when USB with malicious GPT was inserted
Test: after fix, sgdisk didn't crash
Test: went through the "formatting" wizard with a malicious GPT and sgdisk successfully reformatted it to vfat
Change-Id: Ie0257a68f6a0140b98fb7d104dc2ffd1f5c2afde
This commit is contained in:
Jasraj Bedi
2020-06-06 01:42:05 +00:00
committed by Max Spector
parent 35bad4937d
commit 49602175a9
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
basicmbr.cc
View File

@@ -292,6 +292,7 @@ int BasicMBRData::ReadLogicalParts(uint64_t extendedStart, int partNum) {
if (EbrLocations[i] == offset) { // already read this one; infinite logical partition loop!
cerr << "Logical partition infinite loop detected! This is being corrected.\n";
allOK = -1;
if(partNum > 0) //don't go negative
partNum -= 1;
} // if
} // for