From 2165186b93838e62f04113a44f24e5cc20c7dbc1 Mon Sep 17 00:00:00 2001 From: Andreas Dilger Date: Wed, 28 Jun 2017 11:12:28 -0600 Subject: [PATCH] LU-9715 libcfs: crash in cpu_pattern parsing code The for loop in cfs_cpt_table_create_pattern() that scans for brackets to count the number of cpts is broken. It will increment bracket beyond NULL and it will increment ncpt beyond the number of available cpts. This has been fixed. Test-Parameters: trivial Signed-off-by: Amir Shehata Signed-off-by: Andreas Dilger Change-Id: I87bc9de4c531c42c421e8e62edd881417dbcab07 Reviewed-on: https://review.whamcloud.com/27872 Tested-by: Jenkins Tested-by: Maloo Reviewed-by: Olaf Weber Reviewed-by: James Simmons Reviewed-by: Dmitry Eremin Reviewed-by: Oleg Drokin --- libcfs/libcfs/linux/linux-cpu.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libcfs/libcfs/linux/linux-cpu.c b/libcfs/libcfs/linux/linux-cpu.c index 7db6a0f..d351eaa 100644 --- a/libcfs/libcfs/linux/linux-cpu.c +++ b/libcfs/libcfs/linux/linux-cpu.c @@ -925,8 +925,11 @@ static struct cfs_cpt_table *cfs_cpt_table_create_pattern(const char *pattern) } if (ncpt == 0) { /* scanning bracket which is mark of partition */ - for (bracket = str; bracket != NULL; bracket++, ncpt++) - bracket = strchr(bracket, '['); + bracket = str; + while ((bracket = strchr(bracket, '['))) { + bracket++; + ncpt++; + } } if (ncpt == 0 || -- 1.8.3.1