From: "Brian C. Lane" <b...@redhat.com>

* libparted/fs/hfs/probe.c (hfsplus_probe): Add a check on the
  search value and reject it if it is negative.
  (hfsx_probe): Same
  (hfs_and_wrapper_probe): Same
---
 libparted/fs/hfs/probe.c |   18 +++++++++++-------
 1 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/libparted/fs/hfs/probe.c b/libparted/fs/hfs/probe.c
index 8c656cf..bf4d70b 100644
--- a/libparted/fs/hfs/probe.c
+++ b/libparted/fs/hfs/probe.c
@@ -82,7 +82,8 @@ hfs_and_wrapper_probe (PedGeometry* geom)
                  + ((PedSector) PED_BE16_TO_CPU (mdb->total_blocks)
                     * (PED_BE32_TO_CPU (mdb->block_size) / 
PED_SECTOR_SIZE_DEFAULT )));
        max = search + (PED_BE32_TO_CPU (mdb->block_size) / 
PED_SECTOR_SIZE_DEFAULT);
-       if (!(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 2)))
+       if ((search < 0)
+           || !(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 
2)))
                return NULL;
 
        for (; search < max; search++) {
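Review bot: The new `search < 0` test in hfs_and_wrapper_probe bounds the value only from below. `search` and `max` are built from `mdb->total_blocks` and `mdb->block_size`, which come from the disk being probed, and nothing in this hunk compares `search + 2` with `geom->length`. Unless ped_geometry_new or a check outside the hunk enforces that, a malformed header can still size the probe geometry, and the reads in the loop that follows, past the region handed to the probe. If rejecting a volume that claims to be larger than the probed region is acceptable, the guard could read `if (search < 0 || search + 2 > geom->length || !(geom_ret = ped_geometry_new (...)))`. The same applies to the guards added in both hfsplus_probe hunks and in hfsx_probe; the function body starts and continues outside this hunk.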
@@ -141,8 +142,9 @@ hfsplus_probe (PedGeometry* geom)
                      - 2;
                search = max - 2 * ( PED_BE32_TO_CPU (vh->block_size)
                                     / PED_SECTOR_SIZE_DEFAULT ) + 2;
-               if (!(geom_ret = ped_geometry_new (geom->dev, geom->start,
-                                                  search + 2)))
+               if ((search < 0)
+                   || !(geom_ret = ped_geometry_new (geom->dev, geom->start,
+                                                     search + 2)))
                        return NULL;
 
                for (; search < max; search++) {
@@ -156,8 +158,9 @@ hfsplus_probe (PedGeometry* geom)
                search = ((PedSector) PED_BE32_TO_CPU (vh->total_blocks) - 1)
                      * ( PED_BE32_TO_CPU (vh->block_size) / 
PED_SECTOR_SIZE_DEFAULT )
                      - 1;
-               if (!ped_geometry_set (geom_ret, geom_ret->start,
-                                              search + 2)
+               if ((search < 0)
+                   || !ped_geometry_set (geom_ret, geom_ret->start,
+                                         search + 2)
                    || !ped_geometry_read (geom_ret, buf, search, 1)
                    || vh->signature != PED_CPU_TO_BE16 (HFSP_SIGNATURE)) {
                        ped_geometry_destroy (geom_ret);
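Review bot: Why `search` can go negative at this guard is not evident from the code and deserves a comment above the `if`. With `vh->total_blocks` equal to zero, or `vh->block_size` smaller than PED_SECTOR_SIZE_DEFAULT so that the division yields zero, the expression `(total_blocks - 1) * (block_size / PED_SECTOR_SIZE_DEFAULT) - 1` evaluates below zero. A suitable comment would be `/* total_blocks and block_size are unvalidated on-disk values; reject a negative sector offset before it is used as a length or read offset */`. hfsplus_probe starts and ends outside the hunk, so whether these header fields are validated earlier cannot be seen from here.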
@@ -213,8 +216,9 @@ hfsx_probe (PedGeometry* geom)
                      * ( PED_BE32_TO_CPU (vh->block_size) / 
PED_SECTOR_SIZE_DEFAULT )
                      - 2;
        search = max - ( PED_BE32_TO_CPU (vh->block_size) / 
PED_SECTOR_SIZE_DEFAULT );
-       if (!(geom_ret = ped_geometry_new (geom->dev, geom->start,
-                                          search + 2)))
+       if ((search < 0)
+           || !(geom_ret = ped_geometry_new (geom->dev, geom->start,
+                                             search + 2)))
                return NULL;
        for (; search < max; search++) {
                if (!ped_geometry_set (geom_ret, geom_ret->start,
-- 
1.7.6.4

