Commit c227a1d8 authored Aug 21, 2015 by lei wang wang Committed by Mark Salyzyn Aug 21, 2015

libsparse: use strcmp and validate last_used pointer

This patch is used to fix two Bugs in backed_block.c

First, fix wrong comparing string way: we should use strcmp rather than
just compare their address. Second, fix using illegal memory risk in
bbl->last_used pointer. When entering queue_bb function,
bbl->last_used = new_bb, but in the following code if
queue_bb(xx, bb, new_bb) return ok, the space of new_bb is released. So
next time, if you use bbl->last_used pointer, may cause segment fault !

Change-Id: I6abb505f9b903b697448639fc64fb7518df5cca1

parent dcf89091

libsparse/backed_block.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -221,7 +221,8 @@ static int merge_bb(struct backed_block_list *bbl,
		}
		break;
		case BACKED_BLOCK_FILE:
		if (a->file.filename != b->file.filename \|\|
		/* Already make sure b->type is BACKED_BLOCK_FILE */
		if (strcmp(a->file.filename, b->file.filename) \|\|
		a->file.offset + a->len != b->file.offset) {
		return -EINVAL;
		}
		@@ -279,7 +280,10 @@ static int queue_bb(struct backed_block_list bbl, struct backed_block new_bb)
		}

		merge_bb(bbl, new_bb, new_bb->next);
		merge_bb(bbl, bb, new_bb);
		if (!merge_bb(bbl, bb, new_bb)) {
		/* new_bb destroyed, point to retained as last_used */
		bbl->last_used = bb;
		}

		return 0;
		}