Since gptfdisk is used to parse MBR and GPT partition tables from
untrusted USB and SD card storage devices, we should get a fuzzer
wired up to hunt for security issues.
To enable the fuzzer, we create a new "diskio-heap" implementation
for backing I/O operations, which allows us to treat the fuzzer
input as a fake block device. These changes are as minimal as
possible to avoid future merge conflicts.
The single corpus input is a sample block device with a single
empty GPT partition created using these commands:
$ losetup /dev/loop0 typical.bin
$ gdisk /dev/loop0
And the final table is:

Number  Start (sector)    End (sector)  Size       Code  Name
   1              34              38   2.5 KiB    8300  Linux filesystem
Bug: 170783842
Test: SANITIZE_HOST=address make ${FUZZER_NAME} && ${ANDROID_HOST_OUT}/fuzz/$(get_build_var HOST_ARCH)/${FUZZER_NAME}/${FUZZER_NAME}
Change-Id: I21a2a5f7f1019365accf8fd74c958aaafe7f7ff7

If a maliciously formatted USB or SD card device was inserted into an
Android device, the sgdisk tool could crash. This crash occurs because
sgdisk does not validate that the number of GPT partition entries
specified on disk matches the internal maximum permitted by the GPT spec.
Fix this by sanity-checking the on-disk parameter before using it.
After the fix, sgdisk detects the corrupt GPT during the formatting
procedure, but it is harmlessly zapped and replaced with a new one.
Test: before fix, saw sgdisk crash while the device was booting up
Test: after fix, no more sgdisk crashes
Test: went through "portable storage" and "adopted storage" wizard flows
using the cuttlefish virtual device and a malicious partition
table flashed to the device
Bug: 152874864
Change-Id: Iec64bc2ef5c31ad985126f9cf3b755eec7de3abe
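The check the commit above describes, as an added example that is not gptfdisk's code: a standalone GPT header parser in C that bounds the on-disk partition entry count (and the related entry size and array placement) before anything is sized or read from it, plus a fuzz-style entry point that treats a byte buffer as a fake block device, in the spirit of the "diskio-heap" harness in the first commit. The field offsets follow the UEFI GPT header layout; the MAX_PART_ENTRIES cap, the function names, the status codes and the constructed sample image are assumptions of this example, not values from gptfdisk.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512u
#define GPT_HEADER_MIN_SIZE 92u
/* Assumed policy cap on the entry count accepted from disk (the UEFI default
 * table of 128 entries); gptfdisk's own maximum is not stated on the page. */
#define MAX_PART_ENTRIES 128u
#define SAMPLE_SECTORS 128u   /* size of the constructed sample image */

enum gpt_status { GPT_OK = 0, GPT_TOO_SHORT, GPT_BAD_SIGNATURE, GPT_BAD_HEADER_SIZE,
                  GPT_BAD_NUM_PARTS, GPT_BAD_ENTRY_SIZE, GPT_TABLE_OUT_OF_RANGE };

struct gpt_header {
    uint32_t header_size, num_parts, entry_size;
    uint64_t first_usable, last_usable, entries_lba;
};

/* Little-endian field helpers (GPT is always little-endian on disk). */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void wr64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Parse a primary GPT header sector and bound every on-disk count before it
 * is used to size an allocation or a read. disk_sectors is the device size. */
enum gpt_status gpt_validate_header(const uint8_t *sector, size_t len,
                                    uint64_t disk_sectors, struct gpt_header *out)
{
    if (len < GPT_HEADER_MIN_SIZE) return GPT_TOO_SHORT;
    if (memcmp(sector, "EFI PART", 8) != 0) return GPT_BAD_SIGNATURE;
    struct gpt_header h;
    h.header_size  = rd32(sector + 8);
    h.first_usable = rd64(sector + 40);
    h.last_usable  = rd64(sector + 48);
    h.entries_lba  = rd64(sector + 72);
    h.num_parts    = rd32(sector + 80);
    h.entry_size   = rd32(sector + 84);
    if (h.header_size < GPT_HEADER_MIN_SIZE || h.header_size > len) return GPT_BAD_HEADER_SIZE;
    /* The check the commit's fix adds: reject an absurd entry count up front. */
    if (h.num_parts == 0 || h.num_parts > MAX_PART_ENTRIES) return GPT_BAD_NUM_PARTS;
    /* UEFI requires the entry size to be 128 * 2^n; also keep it within one sector. */
    if (h.entry_size < 128 || h.entry_size > SECTOR_SIZE || (h.entry_size & (h.entry_size - 1)))
        return GPT_BAD_ENTRY_SIZE;
    /* Both factors are now bounded, so the product cannot overflow. */
    uint64_t table_sectors = ((uint64_t)h.num_parts * h.entry_size + SECTOR_SIZE - 1) / SECTOR_SIZE;
    if (h.entries_lba < 2 || h.entries_lba >= disk_sectors ||
        table_sectors > disk_sectors - h.entries_lba) return GPT_TABLE_OUT_OF_RANGE;
    if (h.first_usable < h.entries_lba + table_sectors || h.last_usable >= disk_sectors ||
        h.first_usable > h.last_usable) return GPT_TABLE_OUT_OF_RANGE;
    if (out) *out = h;
    return GPT_OK;
}

/* Fuzz-style entry point: treat an arbitrary byte buffer as a fake block
 * device (whole sectors only) and validate the header in its second sector. */
enum gpt_status gpt_check_image(const uint8_t *image, size_t size)
{
    if (size < 2 * SECTOR_SIZE) return GPT_TOO_SHORT;
    return gpt_validate_header(image + SECTOR_SIZE, SECTOR_SIZE, size / SECTOR_SIZE, NULL);
}

/* Constructed sample image laid out like the commit's "typical" device:
 * primary header at LBA 1, entry array from LBA 2, first usable sector 34. */
static uint8_t sample_image[SAMPLE_SECTORS * SECTOR_SIZE];
static void build_sample_image(uint32_t num_parts, uint32_t entry_size)
{
    uint8_t *hdr = sample_image + SECTOR_SIZE;
    memset(sample_image, 0, sizeof sample_image);
    memcpy(hdr, "EFI PART", 8);
    wr32(hdr + 8, GPT_HEADER_MIN_SIZE);
    wr64(hdr + 40, 34);                     /* first usable LBA */
    wr64(hdr + 48, SAMPLE_SECTORS - 34);    /* last usable LBA */
    wr64(hdr + 72, 2);                      /* entry array LBA */
    wr32(hdr + 80, num_parts);
    wr32(hdr + 84, entry_size);
}

enum gpt_status validate_typical_image(void) {
    build_sample_image(128, 128);            /* well-formed default table */
    return gpt_check_image(sample_image, sizeof sample_image);
}
enum gpt_status validate_oversized_count(void) {
    build_sample_image(0xFFFFFFFFu, 128);    /* corrupt: count far beyond the cap */
    return gpt_check_image(sample_image, sizeof sample_image);
}
enum gpt_status validate_truncated_image(void) {
    build_sample_image(128, 128);
    return gpt_check_image(sample_image, SECTOR_SIZE);  /* device shorter than a header */
}

int main(void)
{
    printf("typical: %d  oversized count: %d  truncated: %d\n",
           validate_typical_image(), validate_oversized_count(), validate_truncated_image());
    return 0;
}
```

The header and array CRC32 checks that the UEFI spec also requires are left out here to keep the focus on the count bound; in a real fuzz target the buffer would be handed to the project's own parser through the heap-backed disk I/O layer rather than to this standalone validator, and the sanitizer build in the Test: line above is what turns an out-of-bounds read on a bad count into a reported crash.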
Change 2c2deeb032 is reverted in this merge because it conflicts with
the upstream option "move-main-table".
Change-Id: I2c1cb67a95139879333a430eb0e8b34f6b396c32

This reverts commit 74b7490a22.
This change caused a regression in fugu usb formatting.
Bug: 35217931
Test: None
Change-Id: I50c73bde912a7c941e1d67d41bfab02042db88eb

Updates gptfdisk to the latest version 0.8.10 (ish) -> 1.0.1
The downstream patches should be unaffected.
Change-Id: I527678c0b24194f3947e360f0f38c45cfa3b0d1c