LU-9715 libcfs: crash in cpu_pattern parsing code

The for loop in cfs_cpt_table_create_pattern() that scans
for brackets to count the number of cpts is broken. It will
increment bracket beyond NULL and it will increment ncpt
beyond the number of available cpts. This has been fixed.

Test-Parameters: trivial
Signed-off-by: Amir Shehata <amir.shehata@intel.com>
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Change-Id: I87bc9de4c531c42c421e8e62edd881417dbcab07
Reviewed-on: https://review.whamcloud.com/27872
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Olaf Weber <olaf.weber@hpe.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/libcfs/libcfs/linux/linux-cpu.c b/libcfs/libcfs/linux/linux-cpu.c
index 7db6a0f..d351eaa 100644 (file)
--- a/libcfs/libcfs/linux/linux-cpu.c
+++ b/libcfs/libcfs/linux/linux-cpu.c
@@ -925,8 +925,11 @@ static struct cfs_cpt_table *cfs_cpt_table_create_pattern(const char *pattern)
        }
 
        if (ncpt == 0) { /* scanning bracket which is mark of partition */
-               for (bracket = str; bracket != NULL; bracket++, ncpt++)
-                       bracket = strchr(bracket, '[');
+               bracket = str;
+               while ((bracket = strchr(bracket, '['))) {
+                       bracket++;
+                       ncpt++;
+               }
        }
 
        if (ncpt == 0 ||