Bug 371793 - sys-fs/dosfstools-3.0.11: buffer overflow detected in src/check.c:177
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Reported: 2011-06-15 15:44 UTC by Martin Mokrejš
Modified: 2011-11-12 17:35 UTC
Description Martin Mokrejš 2011-06-15 15:44:16 UTC
Should I report this upstream?

# fsck -a /dev/sdb1
fsck from util-linux 2.19.1
dosfsck 3.0.11, 24 Dec 2010, FAT32, LFN
/DCIM/,.\000
  Bad short file name (,.\000).
  Auto-renaming it.
  Renamed to FSCK0000.000
/DCIM
  "." is missing. Can't fix this yet.
/DCIM
  ".." is missing. Can't fix this yet.
/DCIM/,
 Start does point to root directory. Deleting dir. 
/DCIM/FSCK0000.000
 Start does point to root directory. Deleting dir. 
/DCIM/101OLYEP
  Contains a free cluster (32767). Assuming EOF.
*** buffer overflow detected ***: fsck.vfat terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4b)[0xb778d4ab]
/lib/libc.so.6(+0xda6ce)[0xb778b6ce]
/lib/libc.so.6(__vsprintf_chk+0x0)[0xb778ae04]
/lib/libc.so.6(_IO_default_xsputn+0x94)[0xb771709e]
/lib/libc.so.6(_IO_vfprintf+0x1fef)[0xb76ee432]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0xb778aea5]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb778adf9]
fsck.vfat[0x804c612]
fsck.vfat[0x804e7ee]
fsck.vfat[0x80493c3]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb76c7df2]
fsck.vfat[0x8048e11]
======= Memory map: ========
Warning... fsck.vfat for device /dev/sdb1 exited with signal 6.
# gdb /sbin/fsck.vfat /var/dumps/core.fsck.vfat.3718
GNU gdb (Gentoo 7.2 p1) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /sbin/fsck.vfat...done.
[New Thread 3718]

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/gcc/i686-pc-linux-gnu/4.5.2/libgcc_s.so.1...done.
Loaded symbols for /usr/lib/gcc/i686-pc-linux-gnu/4.5.2/libgcc_s.so.1
Core was generated by `fsck.vfat -a /dev/sdb1'.
Program terminated with signal 6, Aborted.
#0  0xffffe424 in __kernel_vsyscall ()
(gdb) where
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb76db1b1 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb76dc6d4 in abort () at abort.c:92
#3  0xb7713867 in __libc_message (do_abort=2, fmt=0xb77db9fb "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#4  0xb778d4ab in __fortify_fail (msg=0xb77db97c "buffer overflow detected") at fortify_fail.c:32
#5  0xb778b6ce in __chk_fail () at chk_fail.c:29
#6  0xb778ae04 in _IO_str_chk_overflow (fp=0xbfbd3b40, c=48) at vsprintf_chk.c:35
#7  0xb771709e in _IO_default_xsputn (f=0xbfbd3b40, data=0xbfbd3a87, n=1) at genops.c:485
#8  0xb76ee432 in _IO_vfprintf_internal (s=Cannot access memory at address 0xe86
) at vfprintf.c:1598
#9  0xb778aea5 in ___vsprintf_chk (s=0xbfbd3d50 "FSCK000", flags=1, slen=8, format=0x80521b1 "FSCK%04dREC", args=0xbfbd3c20 "") at vsprintf_chk.c:87
#10 0xb778adf9 in ___sprintf_chk (s=0xbfbd3d50 "FSCK000", flags=1, slen=8, format=0x80521b1 "FSCK%04dREC") at sprintf_chk.c:33
#11 0x0804c612 in sprintf (fs=0xbfbd3dd8, de=0xbfbd3d50, pattern=0x80521b1 "FSCK%04dREC") at /usr/include/bits/stdio2.h:34
#12 alloc_rootdir_entry (fs=0xbfbd3dd8, de=0xbfbd3d50, pattern=0x80521b1 "FSCK%04dREC") at src/check.c:177
#13 0x0804e7ee in reclaim_file (fs=0xbfbd3dd8) at src/fat.c:489
#14 0x080493c3 in main (argc=3, argv=0xbfbd3ee4) at src/dosfsck.c:174
(gdb) bt full
#0  0xffffe424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb76db1b1 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimized out>
        resultvar = <value optimized out>
        pid = -1216348172
        selftid = 3718
#2  0xb76dc6d4 in abort () at abort.c:92
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0xb77abe99 <_dl_addr+179>, sa_sigaction = 0xb77abe99 <_dl_addr+179>}, sa_mask = {__val = {3078968516, 134561992, 134514452, 3216846600, 489, 3216846568, 134513684, 3216846412, 
              4, 3216846496, 3078031821, 134516241, 134514436, 3216846496, 3078619124, 11, 4, 3216846616, 3078137834, 4, 3216846496, 4, 0, 5, 3077340428, 2, 3, 3078469997, 3078470001, 3078460525, 3078460472, 4}}, 
          sa_flags = -1216497287, sa_restorer = 0xb77db975}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#3  0xb7713867 in __libc_message (do_abort=2, fmt=0xb77db9fb "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
        ap = 0x37 <Address 0x37 out of bounds>
        ap_copy = 0xbfbd3528 "|\271}\267oL\275\277|\271}\267\364\377\177\267\207:\275\277@;\275\277L5\275\277ζx\267\364\377\177\267T5\275\277\004\256x\267\204\065\275\277\236pq\267@;\275\277\060"
        fd = 4
        on_2 = <value optimized out>
        list = <value optimized out>
        nlist = <value optimized out>
        cp = <value optimized out>
        written = <value optimized out>
#4  0xb778d4ab in __fortify_fail (msg=0xb77db97c "buffer overflow detected") at fortify_fail.c:32
No locals.
#5  0xb778b6ce in __chk_fail () at chk_fail.c:29
No locals.
#6  0xb778ae04 in _IO_str_chk_overflow (fp=0xbfbd3b40, c=48) at vsprintf_chk.c:35
No locals.
#7  0xb771709e in _IO_default_xsputn (f=0xbfbd3b40, data=0xbfbd3a87, n=1) at genops.c:485
        s = 0xbfbd3a88 ""
        more = <value optimized out>
#8  0xb76ee432 in _IO_vfprintf_internal (s=Cannot access memory at address 0xe86
) at vfprintf.c:1598
        step0_jumps = {0, -14811, -11919, -11847, -11772, -11702, -11615, -11384, -11106, -10760, -10566, -10183, -10042, -5580, -5751, -5477, -5507, -5492, -8320, -4299, -4560, -9960, -3938, -4972, -3706, -3641, -4896, -5690, 
          -10042, -11471}
        space = 0
        is_short = <value optimized out>
        use_outdigits = <value optimized out>
        step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, -10760, -10566, -10183, -10042, -5580, -5751, -5477, -5507, -5492, -8320, -4299, -4560, -9960, -3938, -4972, -3706, -3641, -4896, -5690, -10042, 0}
        group = <value optimized out>
        prec = 0
        step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -10566, -10183, -10042, -5580, -5751, -5477, -5507, -5492, -8320, -4299, -4560, -9960, -3938, -4972, -3706, -3641, -4896, -5690, -10042, 0}
        string = 0xbfbd3a87 "0"
        left = <value optimized out>
        is_long_double = <value optimized out>
        width = <value optimized out>
        step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -10261, 0, 0, 0, -5751, -5477, -5507, -5492, -8320, 0, 0, 0, 0, -4972, 0, 0, 0, 0, 0, 0}
        alt = 0
        showsign = 0
        is_long = <value optimized out>
        is_char = <value optimized out>
        pad = 48 '0'
        step3b_jumps = {0 <repeats 11 times>, -10042, 0, 0, -5751, -5477, -5507, -5492, -8320, -4299, -4560, -9960, -3938, -4972, -3706, -3641, -4896, 0, 0, 0}
        step4_jumps = {0 <repeats 14 times>, -5751, -5477, -5507, -5492, -8320, -4299, -4560, -9960, -3938, -4972, -3706, -3641, -4896, 0, 0, 0}
        is_negative = 0
        number = {longlong = 0, word = 0}
        base = 10
        the_arg = {pa_wchar = -1216000068 L'¼', pa_int = -1216000068, pa_long_int = -1216000068, pa_long_long_int = -4630479280407228484, pa_u_int = 3078967228, pa_u_long_int = 3078967228, 
          pa_u_long_long_int = 13816264793302323132, pa_double = -0.11419109802710542, pa_long_double = 1.2985578237651331802829880401053345e+2057, pa_string = 0xb7854fbc "\364\276\001", pa_wstring = 0xb7854fbc L"\x1bef4", 
          pa_pointer = 0xb7854fbc, pa_user = 0xb7854fbc}
        spec = 100 'd'
        _buffer = {__routine = 0x8048800, __arg = 0xb76bdfec, __canceltype = 134514084, __prev = 0x1}
        _avail = <value optimized out>
        thousands_sep = <value optimized out>
        grouping = <value optimized out>
        done = 7
        f = <value optimized out>
        lead_str_end = 0x80521b5 "%04dREC"
        end_of_spec = <value optimized out>
        work_buffer = "\001\000\000\000\000\000\000\000\364\377\177\267\340\004\200\267\200\033\005\bH<\275\277x\335n\267\340\004\200\267o\033\005\b\021", '\000' <repeats 15 times>"\255, \035\204\267\217\071l\267\363\210\004\b\000\000\000\000\000\000\000\000\021\000\000\000o\033\005\b\241\200\204\267\255\035\204\267\217\071l\267\363\210\004\b\250<k\267\001\000\000\000\260\206\203\267\002\000\204\267\241\200\204\267$\207\004\b\340[\205\267\274O\205\267\270Mk\267\255\035\204\267\217\071l\267\363\210\004\b\000\000\000\000\354Mk\267\260\206\203\267\002\000\275\277\241\200\204\267", '\000' <repeats 20 times>"\373, \377\377\377\000\000\000\000\370X\205\267 ", '\000' <repeats 15 times>, "\001\000\000\000\377\177\000\000\000\000\000\000\224<\275\277\002\000\000\000\377\377\377\377\000\000\000\000\023\t\000\000\033\000\000\000u\320k\267\000\000\000\000\n\000\000\000n\033\005\b\200\206\203\267\270;\275\277\370X\205\267K\002o\267\000\000\000\000P\033\005\b\000\000\000\000\000\000\000\000P\033\005\b@\000\000\000\354\337k\267$\206\004\b\001\000\000\000\274O\205\267\320\070\275\277\260Z\205\267\244\070\275\277\322%\204\267\224\070\275\277$\206\004"...
        workstart = <value optimized out>
        workend = <value optimized out>
        ap_save = 0xbfbd3c20 ""
        nspecs_done = <value optimized out>
        save_errno = 0
        readonly_format = <value optimized out>
        jump_table = "\001\000\000\004\000\016\000\006\000\000\a\002\000\003\t\000\005\b\b\b\b\b\b\b\b\b\000\000\000\000\000\000\000\032\000\031\000\023\023\023\000\035\000\000\f\000\000\000\000\000\000\025\000\000\000\000\022\000\r\000\000\000\000\000\000\032\000\024\017\023\023\023\n\017\034\000\v\030\027\021\026\f\000\025\033\020\000\000\022\000\r"
        __PRETTY_FUNCTION__ = "_IO_vfprintf_internal"
#9  0xb778aea5 in ___vsprintf_chk (s=0xbfbd3d50 "FSCK000", flags=1, slen=8, format=0x80521b1 "FSCK%04dREC", args=0xbfbd3c20 "") at vsprintf_chk.c:87
        f = {_sbf = {_f = {_flags = -72515583, _IO_read_ptr = 0xbfbd3d50 "FSCK000", _IO_read_end = 0xbfbd3d50 "FSCK000", _IO_read_base = 0xbfbd3d50 "FSCK000", _IO_write_base = 0xbfbd3d50 "FSCK000", 
              _IO_write_ptr = 0xbfbd3d57 "", _IO_write_end = 0xbfbd3d57 "", _IO_buf_base = 0xbfbd3d50 "FSCK000", _IO_buf_end = 0xbfbd3d57 "", _IO_save_base = 0x0, _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, 
              _chain = 0x0, _fileno = 2049, _flags2 = 4, _old_offset = 114, _cur_column = 0, _vtable_offset = 0 '\000', _shortbuf = "", _lock = 0x0, _offset = 1084121681836984, _codecvt = 0x0, _wide_data = 0xb77780e2, 
              _freeres_list = 0x0, _freeres_buf = 0x3da00, _freeres_size = 0, _mode = -1, 
              _unused2 = "\000@\000\000\310^\a\b\343\215v\267\330=\275\277\237\362\004\b\003\000\000\000\310^\a\b\000@\000\000\000\000\000\000\000\000\000"}, vtable = 0xb77ffd00}, _s = {_allocate_buffer = 0, 
            _free_buffer = 0xbfbd3dd8}}
        ret = <value optimized out>
#10 0xb778adf9 in ___sprintf_chk (s=0xbfbd3d50 "FSCK000", flags=1, slen=8, format=0x80521b1 "FSCK%04dREC") at sprintf_chk.c:33
        arg = 0xbfbd3c20 ""
        done = 0
#11 0x0804c612 in sprintf (fs=0xbfbd3dd8, de=0xbfbd3d50, pattern=0x80521b1 "FSCK%04dREC") at /usr/include/bits/stdio2.h:34
No locals.
#12 alloc_rootdir_entry (fs=0xbfbd3dd8, de=0xbfbd3d50, pattern=0x80521b1 "FSCK%04dREC") at src/check.c:177
        root = 0x8075ec8
        next_free = <value optimized out>
        scan = <value optimized out>
        curr_num = 0
        offset = <value optimized out>
#13 0x0804e7ee in reclaim_file (fs=0xbfbd3dd8) at src/fat.c:489
        de = {{{name = "FSCK000", ext = "\000\000"}, name_ext = "FSCK000\000\000\000"}, attr = 0 '\000', lcase = 0 '\000', ctime_ms = 0 '\000', ctime = 0, cdate = 0, adate = 0, starthi = 0, time = 0, date = 0, start = 0, 
          size = 0}
        offset = <value optimized out>
        orphan = {dir_ent = {{{name = "\b g\267\300a\005\b", ext = "\\[\a"}, name_ext = "\b g\267\300a\005\b\\[\a"}, attr = 8 '\b', lcase = 216 '\330', ctime_ms = 61 '=', ctime = 49085, cdate = 0, adate = 0, starthi = 1, 
            time = 0, date = 65535, start = 65535, size = 0}, lfn = 0x0, offset = 578531510655713279, lfn_offset = 134700128, parent = 0x0, next = 0x0, first = 0xbfbd3dd8}
        reclaimed = <value optimized out>
        files = 1
        changed = 1
        i = <value optimized out>
        next = <value optimized out>
        walk = <value optimized out>
        num_refs = 0xb7634008
        total_num_clusters = 62839
#14 0x080493c3 in main (argc=3, argv=0xbfbd3ee4) at src/dosfsck.c:174
        fs = {nfats = 2, fat_start = 512, fat_size = 125952, fat_bits = 16, eff_fat_bits = 16, root_cluster = 0, root_start = 252416, root_entries = 512, data_start = 268800, cluster_size = 8192, clusters = 62837, 
          fsinfo_start = 0, free_clusters = -1, backupboot_start = 0, fat = 0x8057018 "\370\377\370\377\377\377\377\377\005", cluster_owner = 0xb7672008, label = 0x8057008 "NO NAME    "}
        salvage_files = 1
        verify = 0
        c = <value optimized out>
        n_files_check = 0
        n_files_verify = 0
        free_clusters = <value optimized out>
(gdb) quit
#
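The abort above comes from formatting "FSCK%04dREC" (11 characters plus a terminating NUL) straight into the 8-byte short-name field: frame #9 shows the fortified sprintf with slen=8, and it fails on the eighth character. The C below is an added illustration, not dosfstools code or the 3.0.12 patch; it assumes a minimal directory-entry struct with the same name/ext layout, measures what the pattern really needs, and fills the entry by formatting into a scratch buffer and copying exactly the 11 name+ext bytes, rejecting any pattern that expands to a different length (for example %04d fed a number above 9999).

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
/* Illustrative FAT short directory entry (assumed layout, not the dosfstools
 * struct): name[8] and ext[3] are contiguous and not NUL-terminated, so the
 * 11-byte name_ext view aliases both. */
struct dir_entry {
    union {
        struct { char name[8]; char ext[3]; };
        char name_ext[11];
    };
    uint8_t attr;
};

/* The pattern from the backtrace: "FSCK" + 4 digits + "REC" = 11 characters. */
static const char FSCK_PATTERN[] = "FSCK%04dREC";

/* Bytes a plain sprintf(de->name, pattern, num) writes, NUL included: 12 for
 * FSCK_PATTERN, against an 8-byte name[] field, which is what _FORTIFY_SOURCE
 * caught in the report (slen=8, abort on the eighth character). */
size_t pattern_bytes_needed(const char *pattern, int num)
{
    return (size_t)snprintf(NULL, 0, pattern, num) + 1;
}

/* Hardened fill: format into a scratch buffer with room for the NUL, then
 * copy exactly the 11 name+ext bytes. Returns 0 on success, -1 when the
 * expansion is not exactly 11 characters (too-short pattern, or %04d given a
 * number of five or more digits); attr and later fields are never touched. */
int set_short_name(struct dir_entry *de, const char *pattern, int num)
{
    char tmp[sizeof de->name_ext + 1];   /* 12 bytes: 11 chars + NUL */
    int n = snprintf(tmp, sizeof tmp, pattern, num);
    if (n != (int)sizeof de->name_ext)
        return -1;
    memcpy(de->name_ext, tmp, sizeof de->name_ext);
    return 0;
}

int main(void)
{
    struct dir_entry de = { .attr = 0x10 };
    printf("sprintf needs %zu bytes, name[] holds %zu\n",
           pattern_bytes_needed(FSCK_PATTERN, 0), sizeof de.name);
    if (set_short_name(&de, FSCK_PATTERN, 0) == 0)
        printf("entry: %.11s  attr=0x%02x\n", de.name_ext, de.attr);
    printf("curr_num=10000 -> %d (12 chars, rejected)\n",
           set_short_name(&de, FSCK_PATTERN, 10000));
    return 0;
}
```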
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2011-06-15 16:13:17 UTC
(In reply to comment #0)
> Should I report this upstream?

That might help.
Comment 2 Marian Kyral 2011-11-11 18:37:38 UTC
I can confirm.

There is a new version available:

2011-10-29: releasing 3.0.12 - bugfix in sector number calculations, bugfix in overflow of reclaims
Comment 3 SpanKY gentoo-dev 2011-11-12 17:35:33 UTC
should be all set now in the tree; thanks for the report!

Commit message: Version bump.
http://sources.gentoo.org/sys-fs/dosfstools/dosfstools-3.0.12.ebuild?rev=1.1
http://sources.gentoo.org/sys-fs/dosfstools/files/dosfstools-3.0.12-name-ext.patch?rev=1.1