From 0e253fa234a16651e4c334b9599df016e7ed0cc7 Mon Sep 17 00:00:00 2001 From: Mike Fleetwood Date: Sat, 11 Jan 2014 15:18:01 +0000 Subject: [PATCH] Prevent crash when creating new partition on loop label (#721988) Write a loop partition table to a disk and then try to create a new partition on that disk crashes GParted. Analysis: 1) Loop partition table, actually just the signature / label "GNU Parted Loopback 0", is written to the disk. 2) create_partition() calls ped_disk_app_partition() to create the partition which, arguably erroneously, clears the loop signature. 3) In erase_filesystem_signatures(), get_device_and_disk() fails because there's no longer a loop signature for libparted to recognise. This leaves lp_device, lp_disk and lp_partition = NULL, but incorrectly overall_success = true. 4) Overall_success = true allows the signature erasure loop to run and evaluate lp_device->sector_size, dereferencing a NULL pointer and crashing GParted. Fix erase_filesystem_signatures() to correctly handle failure from get_device_and_disk(), broken by this commit: 246e05559d91865dd135690a62d56144f375c26b Clear btrfs file system super block mirror copies too (#705426) Bug #721988 - Crash when creating new partition on disk with loop label --- src/GParted_Core.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/GParted_Core.cc b/src/GParted_Core.cc
index 26d7b697..1859a19a 100644
--- a/src/GParted_Core.cc
+++ b/src/GParted_Core.cc
@@ -3112,7 +3112,7 @@ bool GParted_Core::filesystem_resize_disallowed( const Partition & partition )
 bool GParted_Core::erase_filesystem_signatures( const Partition & partition, OperationDetail & operationdetail )
 {
- bool overall_success = true ;
+ bool overall_success = false ;
 operationdetail .add_child( OperationDetail( String::ucompose( _("clear old file system signatures in %1"), partition .get_path() ) ) ) ;
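Review bot: The flipped initializer on the `-`/`+` pair is the whole fix, but nothing in the code records why `overall_success` has to start false, so a later refactor can reintroduce the NULL dereference the commit message describes; add a comment on the `+` line such as `// Must stay false until the device and disk are opened below: the erase loops dereference lp_device and must not run otherwise`. The body of erase_filesystem_signatures() continues past the end of this hunk, so the point where the flag becomes true is not visible here and should carry the matching half of that note.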
@@ -3137,6 +3137,7 @@ bool GParted_Core::erase_filesystem_signatures( const Partition & partition, Ope
 if ( buf ) memset( buf, 0, bufsize ) ;
 }
+ overall_success = device_is_open ;
 }
 //Erase all file system super blocks, including their signatures. The specified
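Review bot: The new `overall_success = device_is_open ;` reports success even when the zeroing buffer was never allocated: the `if ( buf )` guard two lines above shows the allocation can fail and leave `buf` NULL, yet the flag does not depend on it, so any later erase write that reads from `buf` may dereference NULL — the same failure class this commit fixes for `lp_device`. Unless the erase loop (outside this hunk) has its own `buf` check, tie the flag to both conditions: `overall_success = device_is_open && buf != NULL ;`. The enclosing function starts before and ends after this hunk, so the consumers of the flag are not visible here.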