From: Zdenek Kabelac <zkabelac@redhat.com>
Date: Tue, 8 Mar 2011 22:43:19 +0000 (+0000)
Subject: Fix reading byte from char params[-1] position
X-Git-Tag: old-v2_02_85~110
X-Git-Url: https://sourceware.org/git/?a=commitdiff_plain;h=d9785ae4f161ad7ef1d48b4101ed9217b52255ed;p=lvm2.git

Fix reading byte from char params[-1] position

When the ->params string is empty - memory access is made on the byte
before allocated buffer (catched by valgrind) - in the case it would
constain 0x20 - it would even overwrite this buffer.
So fix by checking len > 0 before doing such access.
Also slightly optimise this loop from repeated strlen call.
---

diff --git a/WHATS_NEW_DM b/WHATS_NEW_DM
index 59f43666b..4c3ac0aa2 100644
--- a/WHATS_NEW_DM
+++ b/WHATS_NEW_DM
@@ -1,5 +1,6 @@
 Version 1.02.64 - 
 ===================================
+  Fix memory access of empty params string in _reload_with_suppression_v4().
   Lower severity of selabel_lookup and matchpathcon failure to log_debug.
   Accept multiple mapped device names on many dmsetup command lines.
   Fix dm_udev_wait calls in dmsetup to occur before readahead display not after.
diff --git a/libdm/ioctl/libdm-iface.c b/libdm/ioctl/libdm-iface.c
index 8755f59b2..241e7927c 100644
--- a/libdm/ioctl/libdm-iface.c
+++ b/libdm/ioctl/libdm-iface.c
@@ -1836,6 +1836,7 @@ static int _reload_with_suppression_v4(struct dm_task *dmt)
 {
 	struct dm_task *task;
 	struct target *t1, *t2;
+	size_t len;
 	int r;
 
 	/* New task to get existing table information */
@@ -1878,8 +1879,9 @@ static int _reload_with_suppression_v4(struct dm_task *dmt)
 	t2 = task->head;
 
 	while (t1 && t2) {
-		while (t2->params[strlen(t2->params) - 1] == ' ')
-			t2->params[strlen(t2->params) - 1] = '\0';
+		len = strlen(t2->params);
+		while (len-- > 0 && t2->params[len] == ' ')
+			t2->params[len] = '\0';
 		if ((t1->start != t2->start) ||
 		    (t1->length != t2->length) ||
 		    (strcmp(t1->type, t2->type)) ||