From: Karel Zak
Date: Thu, 1 Oct 2009 20:49:44 +0000 (+0200)
Subject: libblkid: fix segfault in blkid_do_probe()
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd635f86e8a3f674ff2ae37dc89e3342cae6d9cc;p=util-linux
libblkid: fix segfault in blkid_do_probe()
This: pr->cur_chain += sizeof(struct blkid_chain); is nonsense of course, there should be a cast to (char *) or so. It seems that the most robust solution is to avoid this game with pointers and use chain->driver-id which is useful as array index.
Signed-off-by: Karel Zak
---
diff --git a/shlibs/blkid/src/probe.c b/shlibs/blkid/src/probe.c
index 25be36ed..054cc920 100644
--- a/shlibs/blkid/src/probe.c
+++ b/shlibs/blkid/src/probe.c
@@ -679,10 +679,14 @@ int blkid_do_probe(blkid_probe pr)
 if (!pr->cur_chain)
 pr->cur_chain = &pr->chains[0];
- else if (pr->cur_chain < &pr->chains[BLKID_NCHAINS - 1])
- pr->cur_chain += sizeof(struct blkid_chain);
- else
- return 1; /* all chains already probed */
+ else {
+ int idx = pr->cur_chain->driver->id + 1;
+
+ if (idx < BLKID_NCHAINS)
+ pr->cur_chain = &pr->chains[idx];
+ else
+ return 1; /* all chains already probed */
+ }
 chn = pr->cur_chain;
 chn->binary = FALSE; /* for sure... */
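Review bot: The new index is read from `pr->cur_chain->driver->id`, so stepping to the next chain now relies on every chain having a non-NULL `driver` whose `id` is non-negative and equal to that chain's position in `pr->chains[]`; the hunk checks only the upper bound (`idx < BLKID_NCHAINS`). If that invariant is not enforced where the chains are initialised (not visible here), deriving the position from the pointer itself avoids depending on driver data: `int idx = (int)(pr->cur_chain - pr->chains) + 1;`. Otherwise I would state the invariant above the declaration, e.g. `/* driver->id must equal the chain's index in pr->chains[] */`. The body of blkid_do_probe() starts and continues outside this hunk.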