read_diskdump() returns successfully for illegal 0-size page descriptors. Page descriptors are illegal if their size member holds 0, because makedumpfile never puts 0 there, because no data ever results in 0 bytes by compression. If page descriptors hold 0 in the size member, it means the crash dump file is corrupted for some reason.

The root cause of this is that the sanity check of function cache_page() doesn't focus on such 0-size page descriptors. Then, the 0-size page descriptor is passed to pread(), pread() immediately returns 0 successfully because the read data is 0 bytes, and then read_diskdump() returns successfully.

To fix this issue, let the sanity check take into account such 0-size page descriptors and read_diskdump() result in READ_ERROR.

Signed-off-by: HATAYAMA Daisuke <d.hatayama@xxxxxxxxxxx>

--- diskdump.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/diskdump.c b/diskdump.c index 2c284ff..2be7cc7 100644 --- a/diskdump.c +++ b/diskdump.c @@ -1210,7 +1210,7 @@ cache_page(physaddr_t paddr) return ret; /* sanity check */ - if (pd.size > block_size) + if (pd.size > block_size || !pd.size) return READ_ERROR; /* read page data */ -- 2.25.1
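
Review bot: In the sanity check in cache_page(), the new `!pd.size` case returns the same bare READ_ERROR as the oversized case, and the `/* sanity check */` comment does not say why a zero size is invalid. Consider writing the condition as `pd.size == 0` for readability and expanding the comment to record that makedumpfile never emits a 0-size descriptor, so a zero here means the dump file is corrupted. Since the commit message says a pread() that returned 0 was being treated as success, it would also be worth confirming that the read following this check compares its return value against pd.size, which would catch truncated page data in general; that code is outside the visible context.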