From bd635f86e8a3f674ff2ae37dc89e3342cae6d9cc Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Thu, 1 Oct 2009 22:49:44 +0200
Subject: [PATCH] libblkid: fix segfault in blkid_do_probe()
This: pr->cur_chain += sizeof(struct blkid_chain); is nonsense of course, there should be a cast to (char *) or so. It seems that the most robust solution is to avoid this game with pointers and use chain->driver-id which is useful as array index.
Signed-off-by: Karel Zak
---
 shlibs/blkid/src/probe.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/shlibs/blkid/src/probe.c b/shlibs/blkid/src/probe.c
index 25be36ed..054cc920 100644
--- a/shlibs/blkid/src/probe.c
+++ b/shlibs/blkid/src/probe.c
@@ -679,10 +679,14 @@ int blkid_do_probe(blkid_probe pr)
 if (!pr->cur_chain)
 pr->cur_chain = &pr->chains[0];
- else if (pr->cur_chain < &pr->chains[BLKID_NCHAINS - 1])
- pr->cur_chain += sizeof(struct blkid_chain);
- else
- return 1; /* all chains already probed */
+ else {
+ int idx = pr->cur_chain->driver->id + 1;
+
+ if (idx < BLKID_NCHAINS)
+ pr->cur_chain = &pr->chains[idx];
+ else
+ return 1; /* all chains already probed */
+ }
 chn = pr->cur_chain;
 chn->binary = FALSE; /* for sure... */
--
2.39.5
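Review bot: `idx` in the new `else` branch is taken from `pr->cur_chain->driver->id + 1` and checked only against the upper bound, so `&pr->chains[idx]` stays in bounds only if every chain has a non-NULL `driver` whose `id` equals that chain's position in `pr->chains[]`; neither invariant is visible in this hunk. Because `idx` is a signed `int`, an id below -1 would index before the array, which is the same class of out-of-bounds pointer this commit sets out to fix. I would tighten the test to `if (idx > 0 && idx < BLKID_NCHAINS)` and state the assumption above it, e.g. `/* chains[] is indexed by driver->id */`. The body of blkid_do_probe() starts and ends outside the hunk, so the code that fills `chains[]` should be checked against this assumption.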