From 6bc7e1965078579e9855f851254d67b3d8165784 Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Fri, 7 Oct 2011 16:53:48 -0700 Subject: [PATCH] libparted: HFS/HFS+ probe: don't let a corrupt FS evoke failed assertion * libparted/fs/hfs/probe.c (hfsplus_probe): Add a check on the search value and reject it if it is negative. (hfsx_probe): Likewise. (hfs_and_wrapper_probe): Likewise. Reported by Flos Lonicerae in http://bugzilla.redhat.com/714758 --- libparted/fs/hfs/probe.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/libparted/fs/hfs/probe.c b/libparted/fs/hfs/probe.c index 8c656cf..bf4d70b 100644 --- a/libparted/fs/hfs/probe.c +++ b/libparted/fs/hfs/probe.c @@ -82,7 +82,8 @@ hfs_and_wrapper_probe (PedGeometry* geom) + ((PedSector) PED_BE16_TO_CPU (mdb->total_blocks) * (PED_BE32_TO_CPU (mdb->block_size) / PED_SECTOR_SIZE_DEFAULT ))); max = search + (PED_BE32_TO_CPU (mdb->block_size) / PED_SECTOR_SIZE_DEFAULT); - if (!(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 2))) + if ((search < 0) + || !(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 2))) return NULL; for (; search < max; search++) { @@ -141,8 +142,9 @@ hfsplus_probe (PedGeometry* geom) - 2; search = max - 2 * ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT ) + 2; - if (!(geom_ret = ped_geometry_new (geom->dev, geom->start, - search + 2))) + if ((search < 0) + || !(geom_ret = ped_geometry_new (geom->dev, geom->start, + search + 2))) return NULL; for (; search < max; search++) { 
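Review bot: The new guard in hfs_and_wrapper_probe bounds `search` only from below; a corrupt `mdb->total_blocks` or `mdb->block_size` can just as easily yield a value far past the end of the partition, and `search + 2` is still handed to `ped_geometry_new` as the length. If the probed volume is expected to lie inside `geom`, the condition could reject that case as well, e.g. `if (search < 0 || search + 2 > geom->length || !(geom_ret = ped_geometry_new (...)))`. Whether an oversized length is refused cleanly by `ped_geometry_new` or by the later reads is not visible in this patch, so that is worth confirming before relying on it. The same question applies to the `ped_geometry_new` calls guarded in the hfsplus_probe and hfsx_probe hunks; all three function bodies start and end outside their hunks.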
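Review bot: In hfsplus_probe the sign test catches a bad header only indirectly, because `PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT` truncates to 0 for any block size smaller than a sector. In that case `search` becomes `max + 2`, the `for (; search < max; search++)` loop is skipped, and whether the guard fires depends on `max`, whose computation begins outside the hunk. Checking the field itself before it is used, e.g. `if (PED_BE32_TO_CPU (vh->block_size) < PED_SECTOR_SIZE_DEFAULT) return NULL;` ahead of the `max` assignment, would reject such a header directly, provided nothing needs releasing at that point. The hfsx_probe hunk divides by the sector size in the same way and would benefit from the same check.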
@@ -156,8 +158,9 @@ hfsplus_probe (PedGeometry* geom) search = ((PedSector) PED_BE32_TO_CPU (vh->total_blocks) - 1) * ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT ) - 1; - if (!ped_geometry_set (geom_ret, geom_ret->start, - search + 2) + if ((search < 0) + || !ped_geometry_set (geom_ret, geom_ret->start, + search + 2) || !ped_geometry_read (geom_ret, buf, search, 1) || vh->signature != PED_CPU_TO_BE16 (HFSP_SIGNATURE)) { ped_geometry_destroy (geom_ret); @@ -213,8 +216,9 @@ hfsx_probe (PedGeometry* geom) * ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT ) - 2; search = max - ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT ); - if (!(geom_ret = ped_geometry_new (geom->dev, geom->start, - search + 2))) + if ((search < 0) + || !(geom_ret = ped_geometry_new (geom->dev, geom->start, + search + 2))) return NULL; for (; search < max; search++) { if (!ped_geometry_set (geom_ret, geom_ret->start, -- 2.11.0
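Review bot: The `(search < 0)` term added to this condition carries no comment, and a reader cannot tell from the `if` alone that `search` is computed straight from the on-disk `vh->total_blocks` and `vh->block_size`. A short comment above the test, such as `/* search is derived from on-disk header fields; a corrupt volume can make it negative */`, would record why it exists, and the same comment fits the three other guards this patch adds. The parentheses around `search < 0` are redundant and could be dropped so the term reads like the others in the chain.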