[parted-devel] [PATCH] parted: fix crash due to improper partition number input
Wang Dong
dongdwdw at linux.vnet.ibm.com
Fri Dec 23 05:53:36 UTC 2016
When the user makes a new partition, if parted fails to add the
partition to disk, it jumps to the wrong error label. In this
situation, this new partition actually is not a node in the disk
data structure. But in the wrong error label, it pretends this
is a node and removes it as a list node, leading to other
partitions in this disk being deleted. This might lead to a memory leak,
because if there are other partitions, it just removes them from the
list without releasing the resource. And this also leads to different
disk information between memory and device. This is confusing.
But when the new partition is added to disk successfully and if
any operations that follow fail, this partition should be removed from
disk and destroyed.
Signed-off-by: Wang Dong <dongdwdw at linux.vnet.ibm.com>
Signed-off-by: Hendrik Brueckner <brueckner at linux.vnet.ibm.com>
---
parted/ui.c | 26 ++++++++++++++++++++++----
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/parted/ui.c b/parted/ui.c
index 505b8ac..5d76c20 100644
--- a/parted/ui.c
+++ b/parted/ui.c
@@ -29,6 +29,8 @@
#include <unistd.h>
#include <setjmp.h>
#include <assert.h>
+#include <limits.h>
+#include <errno.h>
#include "command.h"
#include "strlist.h"
@@ -909,16 +911,30 @@ command_line_get_integer (const char* prompt, int* value)
{
char def_str [10];
char* input;
- int valid;
+ long ret;
snprintf (def_str, 10, "%d", *value);
input = command_line_get_word (prompt, *value ? def_str : NULL,
NULL, 1);
if (!input)
return 0;
- valid = sscanf (input, "%d", value);
+
+ errno = 0;
+ ret = strtol (input, (char**) NULL, 10);
+ if (errno)
+ goto error;
+
+ if ((ret > INT_MAX) || (ret < INT_MIN))
+ goto error;
+ else
+ *value = (int) ret;
+
free (input);
- return valid;
+ return 1;
+
+error:
+ free (input);
+ return 0;
}
int
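Review bot: the strtol call in command_line_get_integer passes a NULL end pointer, so input that contains no digits (for example "abc") is not detected: strtol returns 0, errno is not guaranteed to be set in that case, *value is overwritten with 0 and the function returns 1, whereas the removed sscanf version reported a failed conversion. Pass a `char *end` instead of `(char**) NULL` and go to the error label when `end == input` (and when `*end != '\0'` if trailing text should be rejected too). The `else` after `goto error` is also unnecessary, since the range check already leaves the function on failure.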
@@ -1029,6 +1045,7 @@ command_line_get_partition (const char* prompt, PedDisk* disk,
PedPartition** value)
{
PedPartition* part;
+ int ret;
/* Flawed logic, doesn't seem to work?!
check = ped_disk_next_partition (disk, part);
@@ -1045,7 +1062,8 @@ command_line_get_partition (const char* prompt, PedDisk* disk,
*/
int num = (*value) ? (*value)->num : 0;
- if (!command_line_get_integer (prompt, &num)) {
+ ret = command_line_get_integer (prompt, &num);
+ if ((!ret) || (num < 0)) {
ped_exception_throw (PED_EXCEPTION_ERROR,
PED_EXCEPTION_CANCEL,
_("Expecting a partition number."));
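Review bot: the `num < 0` test added in command_line_get_partition rejects negative numbers only at this call site, so any other caller of command_line_get_integer still receives negative values unchecked; if that is intended, say so in the commit message, whose body describes an error-label fix in the partition-creation path that does not appear in these hunks. The `ret` temporary is also not needed, since `if (!command_line_get_integer (prompt, &num) || num < 0)` expresses the same check without the extra declaration.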
--
2.8.4