* [PATCH] libdm: Fix memory corruption if dm_asprintf fails.
@ 2013-10-18 0:31 Mikulas Patocka
From: Mikulas Patocka @ 2013-10-18 0:31 UTC (permalink / raw)
To: lvm-devel
I found this bug when reading through my lvm changes.

We must set the variable dmt->geometry to NULL after freeing it.

dm_asprintf may fail, on failure it may not set dmt->geometry, thus
dmt->geometry would be pointing to a free string.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
---
libdm/ioctl/libdm-iface.c | 1 +
1 file changed, 1 insertion(+)
Index: lvm2-copy/libdm/ioctl/libdm-iface.c
===================================================================
--- lvm2-copy.orig/libdm/ioctl/libdm-iface.c 2013-10-18 02:26:07.000000000 +0200
+++ lvm2-copy/libdm/ioctl/libdm-iface.c 2013-10-18 02:26:16.000000000 +0200
@@ -817,6 +817,7 @@ int dm_task_set_geometry(struct dm_task
const char *sectors, const char *start)
{
dm_free(dmt->geometry);
+ dmt->geometry = NULL;
if (dm_asprintf(&(dmt->geometry), "%s %s %s %s",
cylinders, heads, sectors, start) < 0) {
log_error("dm_task_set_geometry: sprintf failed");
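Review bot: in dm_task_set_geometry the old string is still released by `dm_free(dmt->geometry);` before dm_asprintf is attempted, so with the added `dmt->geometry = NULL;` a formatting failure leaves the task with no geometry at all rather than its previous value. If callers can keep using the task after this function reports an error, consider formatting into a local `char *` first and only freeing and replacing dmt->geometry once dm_asprintf has succeeded; that also removes the window in which the field holds a freed pointer. The error branch is cut off after log_error in this hunk, so it is worth confirming that it returns failure without touching dmt->geometry again.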
* [PATCH] libdm: Fix memory corruption if dm_asprintf fails.
From: Zdenek Kabelac @ 2013-10-18 7:47 UTC (permalink / raw)
To: lvm-devel
On 18.10.2013 02:31, Mikulas Patocka wrote:
> I found this bug when reading through my lvm changes.
>
> We must set the variable dmt->geometry to NULL after freeing it.
>
> dm_asprintf may fail, on failure it may not set dmt->geometry, thus
> dmt->geometry would be pointing to a free string.
>
> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
>
> ---
> libdm/ioctl/libdm-iface.c | 1 +
> 1 file changed, 1 insertion(+)
>
> Index: lvm2-copy/libdm/ioctl/libdm-iface.c
> ===================================================================
> --- lvm2-copy.orig/libdm/ioctl/libdm-iface.c 2013-10-18 02:26:07.000000000 +0200
> +++ lvm2-copy/libdm/ioctl/libdm-iface.c 2013-10-18 02:26:16.000000000 +0200
> @@ -817,6 +817,7 @@ int dm_task_set_geometry(struct dm_task
> const char *sectors, const char *start)
> {
> dm_free(dmt->geometry);
> + dmt->geometry = NULL;
> if (dm_asprintf(&(dmt->geometry), "%s %s %s %s",
> cylinders, heads, sectors, start) < 0) {
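Review bot: the added `dmt->geometry = NULL;` right after `dm_free(dmt->geometry);` has no comment, and its purpose depends on what dm_asprintf does to its first argument on failure, which this hunk does not show. A one-line comment stating that the field must not keep the freed address if dm_asprintf returns < 0, or a sentence in the commit message naming the failure path in which the pointer is left unset, would let a reader judge whether the line is a fix or defensive hardening.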
Hi

dm_asprintf() -> dm_vasprintf() -> first thing it does is: *result = 0;

So it should never return failure and leave &dmt->geometry in an undefined
state. On the error path it should always be set to NULL - unless there is a bug
in dm_vasprintf() which would need to be fixed.

Zdenek