endian bug in lib/format/ataraid/nv.c

Bryn M. Reeves breeves at redhat.com
Thu Aug 16 12:33:34 UTC 2007



The current nvidia format handler breaks on big-endian platforms because
of a typo in nv.c:

static void to_cpu(void *meta)
{
        struct nv *nv = meta;
        unsigned int i = NV_SIGNATURES;
        struct nv_array_base *array = &nv->array;

        CVT32(nv->size);
        CVT32(nv->chksum);
        CVT16(nv->version);
        CVT32(nv->capacity);
        CVT32(nv->sectorSize);
        CVT32(nv->unitFlags);
        CVT32(array->version);

        while (i--); <--
                CVT32(array->signature[i]);

That semicolon causes us to exit the loop with i == 2^32 - 1 and segfault
on the access to signatures[i], e.g.:

(gdb) run -i -a y
Starting program: /usr/src/redhat/BUILD/dmraid/1.0.0.rc14/tools/dmraid -i -a y

Program received signal SIGSEGV, Segmentation fault.
0x0000000080016eba in to_cpu (meta=Variable "meta" is not available.
) at ./datastruct/byteorder.h:32
32      {
(gdb) bt
#0  0x0000000080016eba in to_cpu (meta=Variable "meta" is not available.
) at ./datastruct/byteorder.h:32
#1  0x0000000080009d9a in read_raid_dev (lc=0x80030270, di=0x800305c0,
f_read_metadata=Variable "f_read_metadata" is not available.
) at format/format.c:433
#2  0x000000008001746e in nv_read (lc=Variable "lc" is not available.
) at format/ataraid/nv.c:208
#3  0x000000008000ba7e in dmraid_read (lc=0x80030270, di=0x800305c0,
format=0x0,
type=FMT_RAID) at metadata/metadata.c:596
#4  0x000000008000bdcc in discover_raid_devices (lc=0x80030270,
devices=0x0) at
metadata/metadata.c:700
#5  0x0000000080005078 in perform (lc=0x80030270, argv=0x3fffffff9c8) at
commands.c:624
#6  0x000000008000438c in main (argc=4, argv=0x3fffffff9c8) at dmraid.c:34
(gdb) quit

Attached patch has been tested successfully on s390x.

Regards,
Bryn.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmraid-1.0.0.rc14-nv_big_endian.patch
Type: text/x-patch
Size: 302 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/ataraid-list/attachments/20070816/0abd25b3/attachment.bin>
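
The loop shape reported above, reduced to a stand-alone C sketch beside a corrected form. This is an added example, not code from the post, the scrubbed patch, or dmraid: swap32() stands in for CVT32 on a big-endian host, the value of NV_SIGNATURES and the sample array are constructed, and the buggy variant only returns the index it would use instead of dereferencing it.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define NV_SIGNATURES 4   /* assumed for this sketch; the post does not give the value */

/* Stand-in for CVT32 on a big-endian host: reverse the four bytes. */
static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Loop shape from the post: the stray ';' is the entire loop body. */
static unsigned int index_after_buggy_loop(void)
{
    unsigned int i = NV_SIGNATURES;

    while (i--);   /* runs down to 0, then the last i-- wraps around */
    return i;      /* the index the one remaining CVT32 would use */
}

/* Corrected loop: the conversion is the body, so each slot is swapped once. */
static unsigned int convert_signatures(uint32_t *sig, unsigned int n)
{
    unsigned int i = n, done = 0;

    while (i--) {
        sig[i] = swap32(sig[i]);
        done++;
    }
    return done;
}

int main(void)
{
    /* constructed sample values, not real nvidia metadata */
    uint32_t sig[NV_SIGNATURES] = { 0x11223344u, 0xaabbccddu, 1u, 0u };
    unsigned int bad = index_after_buggy_loop();

    printf("buggy loop leaves i = %u (UINT_MAX = %u), array has %d slots\n",
           bad, UINT_MAX, NV_SIGNATURES);
    printf("fixed loop converted %u entries, sig[0] = 0x%08x\n",
           convert_signatures(sig, NV_SIGNATURES), (unsigned int)sig[0]);
    return 0;
}
```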
