Bug#483900: grub-probe -t segfaults

[Philipp Kern]

On Sun, Jun 01, 2008 at 11:40:06AM +0200, Robert Millan wrote:
> I assume this didn't happen with 1.96+20080512-1 ?  There was a minor change
> in disk/lvm.c, but I don't see how it could produce a segfault.

With noopt,nostrip:

(gdb) run -t fs /
Starting program: /usr/sbin/grub-probe -t fs /

Program received signal SIGSEGV, Segmentation fault.
0x00002acf84258a80 in strcmp () from /lib/libc.so.6
(gdb) bt
#0  0x00002acf84258a80 in strcmp () from /lib/libc.so.6
#1  0x0000000000401e55 in get_drive (name=0x639030 "asterix-root")
    at /tmp/grub2-1.96+20080531/util/biosdisk.c:120
#2  0x0000000000401f3a in grub_util_biosdisk_open (
    name=0x639030 "asterix-root", disk=0x6390a0)
    at /tmp/grub2-1.96+20080531/util/biosdisk.c:151
#3  0x0000000000404d7c in grub_disk_open (name=0x639030 "asterix-root")
    at /tmp/grub2-1.96+20080531/kern/disk.c:249
#4  0x0000000000404570 in grub_device_open (name=0x639030 "asterix-root")
    at /tmp/grub2-1.96+20080531/kern/device.c:50
#5  0x000000000040184c in probe (path=0x7fff26ae1a99 "/", 
    device_name=0x639070 "/dev/mapper/asterix-root")
    at /tmp/grub2-1.96+20080531/util/grub-probe.c:166
#6  0x0000000000401dc4 in main (argc=4, argv=0x7fff26ae0288)
    at /tmp/grub2-1.96+20080531/util/grub-probe.c:372
(gdb) up
#1  0x0000000000401e55 in get_drive (name=0x639030 "asterix-root")
    at /tmp/grub2-1.96+20080531/util/biosdisk.c:120
120		if (! strcmp (map[i].drive, name))
(gdb) print i
$1 = 1
(gdb) print map[i]
$2 = {drive = 0x0, device = 0x0}
(gdb) print map
$3 = {{drive = 0x639270 "hd0", device = 0x639290 "/dev/sda"}, {drive = 0x0, 
    device = 0x0} <repeats 255 times>}
(gdb) print sizeof(map)
$4 = 4096
(gdb) print sizeof(map[0])
$5 = 16
(gdb) print sizeof(map) / sizeof(map[0])
$6 = 256

There is only one harddisk drive in this laptop.  It iterates from 0
until 255, but does not check if map[i] is valid at all.

Kind regards,
Philipp Kern