commit e9f386579d4da6ccc3fac21d0d87dbbeed4e3b98
author lei wang wang <leiwang211@gmail.com> Fri Aug 21 11:13:46 2015 +0800
committer Mark Salyzyn <salyzyn@google.com> Fri Aug 21 14:23:31 2015 +0000
tree 354f3ad28df9ef67e77de727d8dbbb13c2fbd5c2
parent f56e9ec28e1ffcdf57705b202a23e5e4ee713b5b

libsparse: use strcmp and validate last_used pointer

This patch is used to fix two Bugs in backed_block.c

First, fix wrong comparing string way: we should use strcmp rather than
just compare their address. Second, fix using illegal memory risk in
bbl->last_used pointer. When entering queue_bb function,
bbl->last_used = new_bb, but in the following code if
queue_bb(xx, bb, new_bb) return ok, the space of new_bb is released. So
next time, if you use bbl->last_used pointer, may cause segment fault !

Change-Id: I6abb505f9b903b697448639fc64fb7518df5cca1

libsparse/backed_block.c

diff --git a/libsparse/backed_block.c b/libsparse/backed_block.c
index 3e72b57..794cd6b 100644
--- a/libsparse/backed_block.c
+++ b/libsparse/backed_block.c
@@ -221,7 +221,8 @@
 		}
 		break;
 	case BACKED_BLOCK_FILE:
-		if (a->file.filename != b->file.filename ||
+		/* Already make sure b->type is BACKED_BLOCK_FILE */
+		if (strcmp(a->file.filename, b->file.filename) ||
 				a->file.offset + a->len != b->file.offset) {
 			return -EINVAL;
 		}
@@ -279,7 +280,10 @@
 	}
 
 	merge_bb(bbl, new_bb, new_bb->next);
-	merge_bb(bbl, bb, new_bb);
+	if (!merge_bb(bbl, bb, new_bb)) {
+		/* new_bb destroyed, point to retained as last_used */
+		bbl->last_used = bb;
+	}
 
 	return 0;
 }