From ce8663ee13e68b8f21dce6e2cf612d3809519787 Mon Sep 17 00:00:00 2001
From: Alasdair G Kergon <agk@redhat.com>
Date: Wed, 10 Jan 2018 02:03:32 +0000
Subject: [PATCH 12/25] allocation: Avoid exceeding array bounds in allocation
 tag code

If _limit_to_one_area_per_tag() changes nothing it writes beyond
the array.

(cherry picked from commit bacc94233368cf136b55e2574e969e7f53b31c6c)

Conflicts:
	WHATS_NEW
---
 WHATS_NEW               | 4 ++++
 lib/metadata/lv_manip.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/WHATS_NEW b/WHATS_NEW
index 2163a5e..9375a86 100644
--- a/WHATS_NEW
+++ b/WHATS_NEW
@@ -1,3 +1,7 @@
+Version 2.02.178 - 
+=====================================
+  Avoid exceeding array bounds in allocation tag processing.
+
 Version 2.02.177 - 18th December 2017
 =====================================
   When writing text metadata content, use complete 4096 byte blocks.
diff --git a/lib/metadata/lv_manip.c b/lib/metadata/lv_manip.c
index 70dc2d9..ac30dad 100644
--- a/lib/metadata/lv_manip.c
+++ b/lib/metadata/lv_manip.c
@@ -2737,7 +2737,8 @@ static int _limit_to_one_area_per_tag(struct alloc_handle *ah, struct alloc_stat
 		s++;
 	}
 
-	alloc_state->areas[u].pva = NULL;
+	if (u < alloc_state->areas_size)
+		alloc_state->areas[u].pva = NULL;
 
 	return 1;
 }
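Review bot: When `u` equals `alloc_state->areas_size`, the new guard skips the `pva = NULL` write, so the array is left with no terminating entry, and nothing in the hunk records that this is intentional. If any reader of `alloc_state->areas` finds the end of the list by looking for a NULL `pva` rather than counting up to `areas_size` (not visible here), the out-of-bounds write would simply become an out-of-bounds read. I would add a comment above the guard, such as `/* No room for a terminator when no area was dropped; readers must bound by areas_size. */`, and confirm that the callers do bound their iteration. The loop that advances `u` and `s` starts above the hunk, so whether its own stores into `areas[u]` stay within `areas_size` cannot be checked from here.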
-- 
1.8.3.1