Hi all,

Found by Anders Johansson <ajohansson@xxxxxxxxxx>, vgscan may segment in datastruct/hash.c at memcmp(key, (*c)->key, len). It happens because the (*c)->key is much shorter than the key, and the memory area following (*c)->key is inaccessible at the time.

(gdb) p (*c)->key
$1 = 0x80229fb4 "/dev/disk/by-id/ccw-LXD332"
(gdb) x/80cb 0x80229fb4
0x80229fb4: 47 '/' 100 'd' 101 'e' 118 'v' 47 '/' 100 'd' 105 'i' 115 's'
0x80229fbc: 107 'k' 47 '/' 98 'b' 121 'y' 45 '-' 105 'i' 100 'd' 47 '/'
0x80229fc4: 99 'c' 99 'c' 119 'w' 45 '-' 76 'L' 88 'X' 68 'D' 51 '3'
0x80229fcc: 51 '3' 50 '2' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0x80229fd4: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0x80229fdc: 0 '\0' 0 '\0' 0 '\0' 49 '1' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0x80229fe4: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0x80229fec: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0x80229ff4: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0x80229ffc: 0 '\0' 0 '\0' 0 '\0' 0 '\0' Cannot access memory at address 0x8022a000

I generated a patch against the latest git tree. Please consider it for inclusion.

Thanks.

diff --git a/libdm/datastruct/hash.c b/libdm/datastruct/hash.c index 9f8eff6..16d8896 100644 --- a/libdm/datastruct/hash.c +++ b/libdm/datastruct/hash.c @@ -143,9 +143,13 @@ static struct dm_hash_node **_find(struct dm_hash_table *t, const char *key, unsigned h = _hash(key, len) & (t->num_slots - 1); struct dm_hash_node **c; - for (c = &t->slots[h]; *c; c = &((*c)->next)) + for (c = &t->slots[h]; *c; c = &((*c)->next)) { + if ((*c)->keylen != len) + continue + if (!memcmp(key, (*c)->key, len)) break; + } return c; }
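
Review bot: the added `continue` in the new `(*c)->keylen != len` check has no terminating semicolon, so the statement runs into the following `if (!memcmp(key, (*c)->key, len))` and the loop body will not compile as posted; it should read `continue;`. Once that is fixed, memcmp is only reached when the stored key's recorded length equals len, which avoids reading past a shorter stored key as in the gdb session above. That relies on keylen being recorded correctly for every node at insert time, which this hunk does not show, so it is worth confirming in the insert path. The two tests could also be folded into one condition, `if ((*c)->keylen == len && !memcmp(key, (*c)->key, len)) break;`, which would make the added braces unnecessary.
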
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel