authorAndrey Ulanov <andreyu@google.com>2015-06-10 20:02:06 -0700
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2015-06-13 02:53:36 +0000
commit1eb83efdba367db2a590eb94a0cc45cd538aa696 (patch)
tree72efa521b7d5357346c7054c65243454e6234c1e /cgpt/cgpt_repair.c
parent637ff03502f3511d90e8d79cc1c52b3be01d6cd3 (diff)
cgpt repair: fix segfault which occurs when one of the headers is badstabilize-7202.Bstabilize-7199.Bstabilize-7173.B
When one of GPT headers is invalid the corresponding partition table is not loaded and corresponding pointers in GptData are NULL. GptRepair will try to memcpy one entries table to another which results in SIGSEGV. This change fixes it by freeing and then reallocating bad copy of partition table. This potentially fixes problems which would occur if two tables have different size. Change that initially introduced this problem by not always allocating secondary_entries: https://chromium-review.googlesource.com/223800 TEST="cgpt repair" works where it previously didn't TEST=make runtests BUG=brillo:1203 BRANCH=none Change-Id: Ibb2fcf33faa5ba157b0865d04c90ee3f26eee113 Reviewed-on: https://chromium-review.googlesource.com/276766 Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Andrey Ulanov <andreyu@google.com> Tested-by: Andrey Ulanov <andreyu@google.com>
Diffstat (limited to 'cgpt/cgpt_repair.c')
-rw-r--r--cgpt/cgpt_repair.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/cgpt/cgpt_repair.c b/cgpt/cgpt_repair.c
index 1880ea5b..ebe034b1 100644
--- a/cgpt/cgpt_repair.c
+++ b/cgpt/cgpt_repair.c
@@ -24,6 +24,24 @@ int CgptRepair(CgptRepairParams *params) {
printf("GptSanityCheck() returned %d: %s\n",
gpt_retval, GptError(gpt_retval));
+ GptHeader *header;
+ if (MASK_PRIMARY == drive.gpt.valid_headers ||
+ MASK_BOTH == drive.gpt.valid_headers) {
+ header = (GptHeader *)(drive.gpt.primary_header);
+ } else {
+ header = (GptHeader *)(drive.gpt.secondary_header);
+ }
+
+ if (MASK_PRIMARY == drive.gpt.valid_entries) {
+ free(drive.gpt.secondary_entries);
+ drive.gpt.secondary_entries =
+ malloc(header->size_of_entry * header->number_of_entries);
+ } else if (MASK_SECONDARY == drive.gpt.valid_entries) {
+ free(drive.gpt.primary_entries);
+ drive.gpt.primary_entries =
+ malloc(header->size_of_entry * header->number_of_entries);
+ }
+
GptRepair(&drive.gpt);
if (drive.gpt.modified & GPT_MODIFIED_HEADER1)
printf("Primary Header is updated.\n");
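Review bot: Both added `malloc(header->size_of_entry * header->number_of_entries)` calls take their size from fields read out of an on-disk header, with no overflow guard on the product and no check of the returned pointer. When neither header is valid, the `else` branch still selects `secondary_header`, so these fields may be unvalidated at this point; whatever bounds checking GptSanityCheck does is outside the hunk, and its result appears only to be printed here. A wrapped product or a failed allocation could leave GptRepair's table copy, described in the commit message, writing into a too-small or NULL buffer, which is the crash this commit sets out to fix. Compute the size once, e.g. `size_t bytes = (size_t)header->size_of_entry * header->number_of_entries;`, reject a zero or implausibly large value, and return through the function's failure path when `malloc` returns NULL. CgptRepair starts and ends outside the hunk.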