[BUG] f2fs-tools: fsck infinite loop in options parsing


 



Hi!

I found a bug in fsck.f2fs that causes an infinite loop in
f2fs_parse_options().  To reproduce it, you can call the program with
the combined option '-py'; passing the options separately as '-p -y'
works well. Simply execute `./f2fs.fsck -py` to catch the bug.

Buggy part of the fsck/main.c code (unchanged since 2018):
>		case 'p':
>			/* preen mode has different levels:
>			 *  0: default level, the same as -a
>			 *  1: check meta
>			 *  2: same as 0, but will skip some
>			 *     check for old kernel
>			 */
>			if (optarg[0] == '-' || !is_digits(optarg) ||
>						optind == argc) {
>				MSG(0, "Info: Use default preen mode\n");
>				c.preen_mode = PREEN_MODE_0;
>				c.auto_fix = 1;
>				optind--;
>				break;
>			}

The bug occurs when case 'p' matches and no suitable argument follows
it, so the decrement optind-- happens. Since the option '-p' is joined
with its argument, getopt increments optind only by one, not by two as
expected. Therefore it enters an infinite loop.

I couldn't find a good solution. Changing the semantics of the preen
level option is impossible because it breaks many scripts, for example
in initrd.  A possible solution is to use two colons in optstring,
which means an optional argument, but this is a GNU extension, so not
all standard libraries support it, in particular Musl.

-- 
Egor Shestakov
vedingrot ascii(0x40) gmail ascii(0x2E) com



