From: Martin Wilck <mwilck@xxxxxxxx>
Opening the same file repeatedly in a loop seems wrong.
For unknown reason, this patch caused gcc to diagnose a possible buffer
overflow for the device name, and I had to increase the buffer by
one byte.
Reviewed-by: Benjamin Marzinski <bmarzins@xxxxxxxxxx>
Signed-off-by: Martin Wilck <mwilck@xxxxxxxx>
---
kpartx/lopart.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/kpartx/lopart.c b/kpartx/lopart.c
index 9b65255..2661940 100644
--- a/kpartx/lopart.c
+++ b/kpartx/lopart.c
@@ -159,26 +159,28 @@ char *find_loop_by_file(const char *filename)
char *find_unused_loop_device(void)
{
- char dev[20], *next_loop_dev = NULL;
+ char dev[21], *next_loop_dev = NULL;
int fd, next_loop = 0, somedev = 0, someloop = 0, loop_known = 0;
+ int next_loop_fd;
struct stat statbuf;
struct loop_info loopinfo;
FILE *procdev;
+ next_loop_fd = open("/dev/loop-control", O_RDWR);
+ if (next_loop_fd < 0)
+ return NULL;
+
+ if (!(fstat(next_loop_fd, &statbuf) == 0 && S_ISCHR(statbuf.st_mode))) {
+ close(next_loop_fd);
+ return NULL;
+ }
+
while (next_loop_dev == NULL) {
- if (stat("/dev/loop-control", &statbuf) == 0 &&
- S_ISCHR(statbuf.st_mode)) {
- int next_loop_fd;
-
- next_loop_fd = open("/dev/loop-control", O_RDWR);
- if (next_loop_fd < 0)
- return NULL;
- next_loop = ioctl(next_loop_fd, LOOP_CTL_GET_FREE);
+ next_loop = ioctl(next_loop_fd, LOOP_CTL_GET_FREE);
+ if (next_loop < 0) {
close(next_loop_fd);
- if (next_loop < 0)
- return NULL;
+ return NULL;
}
-
sprintf(dev, "/dev/loop%d", next_loop);
fd = open (dev, O_RDONLY);
@@ -199,6 +201,9 @@ char *find_unused_loop_device(void)
}
break;
}
+
+ close(next_loop_fd);
+
if (next_loop_dev)
return next_loop_dev;
--
2.33.1
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel
