libblkid: fix segfault in blkid_do_probe()

This:
	pr->cur_chain += sizeof(struct blkid_chain);

is nonsense of course, there should be a cast to (char *) or so.

It seems that the most robust solution is to avoid this game with
pointers and use chain->driver-id which is useful as array index.

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/shlibs/blkid/src/probe.c b/shlibs/blkid/src/probe.c
index 25be36ed0a1d8994686c23a8acaad2a65a7b2906..054cc920cd22473c50830d5b611ce785cc5c57d4 100644 (file)
--- a/shlibs/blkid/src/probe.c
+++ b/shlibs/blkid/src/probe.c
@@ -679,10 +679,14 @@ int blkid_do_probe(blkid_probe pr)
 
                if (!pr->cur_chain)
                        pr->cur_chain = &pr->chains[0];
-               else if (pr->cur_chain < &pr->chains[BLKID_NCHAINS - 1])
-                       pr->cur_chain += sizeof(struct blkid_chain);
-               else
-                       return 1;       /* all chains already probed */
+               else {
+                       int idx = pr->cur_chain->driver->id + 1;
+
+                       if (idx < BLKID_NCHAINS)
+                               pr->cur_chain = &pr->chains[idx];
+                       else
+                               return 1;       /* all chains already probed */
+               }
 
                chn = pr->cur_chain;
                chn->binary = FALSE;            /* for sure... */