author Jim Meyering <jim@meyering.net> 2012-10-16 17:43:49 +0200
committer Jim Meyering <jim@meyering.net> 2012-10-17 18:17:56 +0200
commit 64aef5fb9afecc023a6e719da161dbbf450908b8 (patch)
tree a592f63d1dd77c6f946eb594a4828468f100db58 /NEWS
parent c528f13136c8b3ed89d5d59bdc04f99872e10fa7 (diff)
cp: avoid data-corrupting free-memory-read
* src/extent-scan.c (extent_scan_read): Reset our last_ei pointer whenever the parent buffer might have just been freed.
* tests/cp/fiemap-extent-FMR.sh: New test.
* tests/local.mk (all_tests): Add it.
* NEWS (Bug fixes): Mention it.
Reported by Mike Gerth in http://bugs.gnu.org/12656, and with help from Alan Curry.
Bug introduced in commit v8.10-60-g18f5a85.
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 5
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index aff5bf18e..0fc2a94d1 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,11 @@ GNU coreutils NEWS -*- outline -*-
** Bug fixes
+ cp could read from freed memory and could even make corrupt copies.
+ This could happen with a very fragmented and sparse input file,
+ on GNU/Linux file systems supporting fiemap extent scanning.
+ [bug introduced in coreutils-8.11]
+
cp --no-preserve=mode now no longer preserves the original file's
permissions but correctly sets mode specified by 0666 & ~umask
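Review bot: the new entry at the top of "** Bug fixes" gives the trigger only as "a very fragmented and sparse input file", which leaves a reader unable to judge whether copies they already made with an affected cp are at risk. Since the failure mode is silent data corruption rather than a crash, consider stating the condition more concretely or pointing at the report the commit message names (http://bugs.gnu.org/12656) so that users can find the details. The "[bug introduced in coreutils-8.11]" tag agrees with the commit message's v8.10-60-g18f5a85, so the affected release range is clear as written. This view is limited to NEWS, so the fix in src/extent-scan.c and the new test tests/cp/fiemap-extent-FMR.sh listed in the commit message are not visible here and need to be reviewed in the full commit.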