Adjust pointers to prevent crash when resizing a logical partition (#752587)

Opening the Resize/Move dialog on a logical partition causes GParted to
crash.  This crash affects current GParted GIT HEAD, but does not affect
GParted 0.22.0.  Git bisect identifies that it was broken with the
following commit:
    Remove Set_Data() from the copy, resize/move and new dialog class APIs
    7a4a375ed6

The problem was trying to treat the reference display_partitions_ref
like a pointer, and in particular on line 1732 trying to make it refer
to a different vector of partitions, the .logicals sub-vector.

  1721  void Win_GParted::activate_resize()
  1722  {
  ...
  1726          std::vector<Partition> & display_partitions_ref = display_partitions;
  1727          if ( selected_partition_ptr->type == TYPE_LOGICAL )
  1728          {
  1729                  unsigned int ext = 0 ;
  1730                  while ( ext < display_partitions.size() && display_partitions[ext].type != TYPE_EXTENDED )
  1731                          ext++;
* 1732                  display_partitions_ref = display_partitions[ext].logicals;
  1733          }
  1734
  1735          Dialog_Partition_Resize_Move dialog( gparted_core.get_fs( selected_partition_ptr->filesystem ),
  1736                                               *selected_partition_ptr,
  1737                                               display_partitions_ref );

What was actually happening was that the .logicals sub-vector was being
copied, replacing the display_partitions vector and freeing the original
sub-vector.  This left selected_partition_ptr pointing to the original
memory where the selected partition used to exist in the .logicals
sub-vector.  At some point in the Dialog_Partition_Resize_Move class
*selected_partition_ptr was referenced, accessing the freed memory.
Crash soon followed.

Fix by using a pointer instead of a reference, which can be assigned to
point to a different object.

Bug 752587 - GParted crashing when opening Resize/Move dialog on
             logical partition
Curtis Gedak 2015-07-20 12:59:46 -06:00 committed by Mike Fleetwood
parent 8dff5af807
commit c7c42f2cc5
1 changed files with 3 additions and 3 deletions

@ -1723,18 +1723,18 @@ void Win_GParted::activate_resize()
g_assert( selected_partition_ptr != NULL ); // Bug: Partition callback without a selected partition g_assert( selected_partition_ptr != NULL ); // Bug: Partition callback without a selected partition
g_assert( valid_display_partition_ptr( selected_partition_ptr ) ); // Bug: Not pointing at a valid display partition object g_assert( valid_display_partition_ptr( selected_partition_ptr ) ); // Bug: Not pointing at a valid display partition object
std::vector<Partition> & display_partitions_ref = display_partitions; std::vector<Partition> * display_partitions_ptr = &display_partitions;
if ( selected_partition_ptr->type == TYPE_LOGICAL ) if ( selected_partition_ptr->type == TYPE_LOGICAL )
{ {
unsigned int ext = 0 ; unsigned int ext = 0 ;
while ( ext < display_partitions.size() && display_partitions[ext].type != TYPE_EXTENDED ) while ( ext < display_partitions.size() && display_partitions[ext].type != TYPE_EXTENDED )
ext++; ext++;
display_partitions_ref = display_partitions[ext].logicals; display_partitions_ptr = &display_partitions[ext].logicals;
} }
Dialog_Partition_Resize_Move dialog( gparted_core.get_fs( selected_partition_ptr->filesystem ), Dialog_Partition_Resize_Move dialog( gparted_core.get_fs( selected_partition_ptr->filesystem ),
*selected_partition_ptr, *selected_partition_ptr,
display_partitions_ref ); *display_partitions_ptr );
dialog .set_transient_for( *this ) ; dialog .set_transient_for( *this ) ;
if ( dialog .run() == Gtk::RESPONSE_OK ) if ( dialog .run() == Gtk::RESPONSE_OK )
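
Review bot: In the TYPE_LOGICAL branch, the search loop can exit with ext == display_partitions.size() when no TYPE_EXTENDED entry is found, and the new `display_partitions_ptr = &display_partitions[ext].logicals;` then takes the address of an element past the end of the vector. The function already guards its other preconditions with g_assert, so a matching `g_assert( ext < display_partitions.size() );` after the loop would turn a silent out-of-bounds access into a diagnosable abort. A short comment next to display_partitions_ptr saying why it is a pointer rather than a reference (assigning through a reference copies the .logicals vector over display_partitions, it does not rebind) would also help keep a later cleanup from reintroducing the use-after-free described in the commit message.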