ubd_kern.c:do_io() may access uninitialized memory and divide requests
into smaller chunks than necessary. Found with Valgrind.
Signed-off-by: Steve VanDeBogart <[EMAIL PROTECTED]>
---
Index: linux-2.6.27-rc5/arch/um/drivers/ubd_kern.c
===================================================================
--- linux-2.6.27-rc5.orig/arch/um/drivers/ubd_kern.c 2008-08-29
15:50:19.000000000 -0700
+++ linux-2.6.27-rc5/arch/um/drivers/ubd_kern.c 2008-08-29 15:51:48.000000000
-0700
@@ -1218,8 +1218,7 @@
struct ubd *ubd_dev = disk->private_data;
io_req->req = req;
- io_req->fds[0] = (ubd_dev->cow.file != NULL) ? ubd_dev->cow.fd :
- ubd_dev->fd;
+ io_req->fds[0] = (ubd_dev->cow.file == NULL) ? -1 : ubd_dev->cow.fd;
io_req->fds[1] = ubd_dev->fd;
io_req->cow_offset = -1;
io_req->offset = offset;
@@ -1374,12 +1373,18 @@
nsectors = req->length / req->sectorsize;
start = 0;
do {
- bit = ubd_test_bit(start, (unsigned char *) &req->sector_mask);
- end = start;
- while((end < nsectors) &&
- (ubd_test_bit(end, (unsigned char *)
- &req->sector_mask) == bit))
- end++;
+ if (req->fds[0] == -1) {
+ bit = 1;
+ end = nsectors;
+ } else {
+ bit = ubd_test_bit(start,
+ (unsigned char *) &req->sector_mask);
+ end = start;
+ while ((end < nsectors) &&
+ (ubd_test_bit(end, (unsigned char *)
+ &req->sector_mask) == bit))
+ end++;
+ }
off = req->offset + req->offsets[bit] +
start * req->sectorsize;
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
User-mode-linux-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
