rpm/lvm2
SHA256
1
0
Fork 0
forked from pool/lvm2
Code Pull Requests Activity
lvm2/bug-1188141_toolcontext-fix-double-free-core-dumped-issue.patch
Gang He e8bec48e22 Accepting request 906108 from home:hmzhao:branches:openSUSE:Factory 
- lvm2: double free or corruption with invalid LVM_SYSTEM_DIR breaks guestfs-tools (bsc#1188141)
  + bug-1188141_toolcontext-fix-double-free-core-dumped-issue.patch
- replace exist patch with bug fixed patches
  - (remove) fate-31841_fsadm-add-support-for-btrfs.patch
  + (add) fate-31841-01_fsadm-add-support-to-resize-check-btrfs-filesystem.patch
  + (add) fate-31841-02_man-add-support-for-btrfs.patch
  + (add) fate-31841-03_tests-new-test-suite-of-fsadm-for-btrfs.patch

OBS-URL: https://build.opensuse.org/request/show/906108
OBS-URL: https://build.opensuse.org/package/show/Base:System/lvm2?expand=0&rev=302
2021-07-14 05:55:59 +00:00

63 lines
1.9 KiB
Diff
Raw Blame History

From db22a389cfb12eef77dfc2e1ce124ac83ed6c5a2 Mon Sep 17 00:00:00 2001
From: Heming Zhao <heming.zhao@suse.com>
Date: Tue, 13 Jul 2021 03:01:00 +0800
Subject: [PATCH] toolcontext: fix double free (core dumped) issue
How to trigger:
```
~ # export LVM_SYSTEM_DIR=_
~ # pvscan
No matching physical volumes found
double free or corruption (!prev)
Aborted (core dumped)
```
when LVM_SYSTEM_DIR is empty, _load_config_file() won't be called.
when LVM_SYSTEM_DIR is not empty, cfl->cft links into cmd->config_files
by _load_config_file()@lib/commands/toolcontext.c
core dumped code: _destroy_config()@lib/commands/toolcontext.c
```
/* CONFIG_FILE/CONFIG_MERGED_FILES */
if ((cft = remove_config_tree_by_source(cmd, CONFIG_MERGED_FILES)))
config_destroy(cft);
else if ((cft = remove_config_tree_by_source(cmd, CONFIG_FILE)))
config_destroy(cft); <=== first free the cft
dm_list_iterate_items(cfl, &cmd->config_files)
config_destroy(cfl->cft); <=== double free the cft
```
Fixes: c43f2f8ae08ed0555a300764c8644ea56f4f41e2
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
---
lib/commands/toolcontext.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/commands/toolcontext.c b/lib/commands/toolcontext.c
index b295a20efe52..742bdd9c2311 100644
--- a/lib/commands/toolcontext.c
+++ b/lib/commands/toolcontext.c
@@ -966,8 +966,13 @@ static void _destroy_config(struct cmd_context *cmd)
/* CONFIG_FILE/CONFIG_MERGED_FILES */
if ((cft = remove_config_tree_by_source(cmd, CONFIG_MERGED_FILES)))
config_destroy(cft);
- else if ((cft = remove_config_tree_by_source(cmd, CONFIG_FILE)))
+ else if ((cft = remove_config_tree_by_source(cmd, CONFIG_FILE))) {
+ dm_list_iterate_items(cfl, &cmd->config_files) {
+ if (cfl->cft == cft)
+ dm_list_del(&cfl->list);
+ }
config_destroy(cft);
+ }
dm_list_iterate_items(cfl, &cmd->config_files)
config_destroy(cfl->cft);
--
1.8.3.1
View Git Blame Copy Permalink