Date:      Sun, 31 Jan 2010 10:34:35 +0900 (JST)
From:      Daisuke Aoyama <aoyama@peach.ne.jp>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   i386/143389: fdisk(8) cannot handle above 1TB under i386 system.
Message-ID:  <201001310134.o0V1YZDI041030@hera.peach.ne.jp.private>
Resent-Message-ID: <201001310140.o0V1e8P7046020@freefall.freebsd.org>


>Number:         143389
>Category:       i386
>Synopsis:       fdisk(8) cannot handle above 1TB under i386 system.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 31 01:40:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Daisuke Aoyama
>Release:        FreeBSD 7.1-RELEASE-p10 i386
>Organization:
>Environment:
System: FreeBSD hera.peach.ne.jp.private 7.1-RELEASE-p10 FreeBSD 7.1-RELEASE-p10 #0: Wed Jan 13 13:18:46 JST 2010 aoyama@hera.peach.ne.jp.private:/usr/src/sys/i386/compile/ISCSI i386


	
>Description:
I first noticed this in the FreeNAS forum post below.
http://sourceforge.net/apps/phpbb/freenas/viewtopic.php?f=78&t=5558&start=0

The reason is that /sbin/fdisk reads config values with strtol(3) as a signed long, which is 32 bits on i386.
At least, this bug still exists in HEAD.

structure definition:
>How-To-Repeat:
/sbin/fdisk -f <above config> on 2TB disk.
>Fix:
Use unsigned long/int or a wider type.
(strtoul, etc.)
>Release-Note:
>Audit-Trail:
>Unformatted:
 >>typedef struct cmd {
 >>    char                cmd;
 >>    int                 n_args;
 >>    struct arg {
 >>        char    argtype;
 >>        int     arg_val;		//signed int (32bit)
 >>    }                   args[MAX_ARGS];
 >>} CMD;
 
 in function parse_config_line():
 >> command->args[command->n_args].arg_val = strtol(cp, &end, 0);  // return as signed long
 
 strtol(3) overflows if the value > LONG_MAX (0x7fffffffL on i386).
 As a result, the partition has the wrong size and boundary.
 Once a wrong partition is created, writing to it will cause data loss in the next/previous partition.
 
 I tested the following config on a 2TB disk.
 
 g c261083 h255 s63
 p 1 165 1 2097152
 p 2 165 2097154 4175429632
 p 3 165 4177526787 16777216
 p 4 0 0 0
 a 1
 
 Please see the link above for more detail.
 I am not checking other utilities.
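
Added example, not part of the original report and not fdisk's own code: it runs the sector values from the config above through a 32-bit-long strtol(3), which clamps out-of-range input to LONG_MAX, and through a range-checked unsigned parser. The names strtol_ilp32 and parse_sector are hypothetical; the 32-bit long is emulated so the result is the same on a 64-bit host, and parse_sector assumes it is handed one already-split token.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Emulates strtol(3) where long is 32 bits (i386): out-of-range input
 * is clamped to LONG_MAX/LONG_MIN instead of being rejected.
 * Hypothetical helper, emulated so it behaves the same on LP64 hosts. */
static int32_t strtol_ilp32(const char *s)
{
    long long v = strtoll(s, NULL, 0);
    if (v > INT32_MAX) return INT32_MAX;
    if (v < INT32_MIN) return INT32_MIN;
    return (int32_t)v;
}

/* Hypothetical checked parser: accepts only a complete unsigned number
 * that fits a 32-bit sector field (the MBR start/size width).
 * Returns 0 on success, -1 on malformed or out-of-range input. */
static int parse_sector(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (*s < '0' || *s > '9')   /* rejects "", "-1", "+5", leading blanks */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 0);
    if (errno == ERANGE || end == s || *end != '\0' || v > UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    /* Start of partition 2, size of partition 2, start of partition 3. */
    const char *vals[] = { "2097154", "4175429632", "4177526787" };
    for (size_t i = 0; i < sizeof vals / sizeof vals[0]; i++) {
        uint32_t ok = 0;
        int rc = parse_sector(vals[i], &ok);
        printf("%-11s 32-bit strtol=%ld checked=%lu rc=%d\n", vals[i],
               (long)strtol_ilp32(vals[i]), (unsigned long)ok, rc);
    }
    return 0;
}
```

Both values above LONG_MAX collapse to 2147483647 in the emulated strtol, so the size of partition 2 and the start of partition 3 no longer match the config; the checked parser keeps them intact and refuses anything beyond 32 bits.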
