Bug 220563

Summary: _raw_read_mda_header does not free struct mda_header *mdah in error paths
Product: Red Hat Enterprise Linux 4 Reporter: Dave Wysochanski <dwysocha>
Component: lvm2Assignee: Dave Wysochanski <dwysocha>
Status: CLOSED ERRATA QA Contact: Corey Marthaler <cmarthal>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4CC: agk, dwysocha, jbrassow, lvm-team, mbroz, prockai
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2007-0287 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-05-08 00:14:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dave Wysochanski 2006-12-22 02:36:37 UTC 
lib/format_text/format_text.c:

Should be calling dm_pool_free in error paths that return NULL below.


static struct mda_header *_raw_read_mda_header(const struct format_type *fmt,
					       struct device_area *dev_area)
{
	struct mda_header *mdah;

	if (!(mdah = dm_pool_alloc(fmt->cmd->mem, MDA_HEADER_SIZE))) {
		log_error("struct mda_header allocation failed");
		return NULL;
	}

	if (!dev_read(dev_area->dev, dev_area->start, MDA_HEADER_SIZE, mdah)) {
		stack;
		dm_pool_free(fmt->cmd->mem, mdah);
		return NULL;
	}

	if (mdah->checksum_xl != xlate32(calc_crc(INITIAL_CRC, mdah->magic,
						  MDA_HEADER_SIZE -
						  sizeof(mdah->checksum_xl)))) {
		log_error("Incorrect metadata area header checksum");
		return NULL;
	}

	_xlate_mdah(mdah);

	if (strncmp((char *)mdah->magic, FMTT_MAGIC, sizeof(mdah->magic))) {
		log_error("Wrong magic number in metadata area header");
		return NULL;
	}

	if (mdah->version != FMTT_VERSION) {
		log_error("Incompatible metadata area header version: %d",
			  mdah->version);
		return NULL;
	}

	if (mdah->start != dev_area->start) {
		log_error("Incorrect start sector in metadata area header: %"
			  PRIu64, mdah->start);
		return NULL;
	}

	return mdah;
}
Comment 1 Dave Wysochanski 2006-12-22 02:40:26 UTC 
This is actually upstream cvs - haven't checked rhel4 code actually but probably
a bug there as well.
Comment 2 Dave Wysochanski 2007-01-08 22:09:33 UTC 
Posted patch to lvm-devel
Comment 3 Dave Wysochanski 2007-01-17 21:37:40 UTC 
In Version 2.02.18 - 11th January 2007 and in brew
Comment 4 Dave Wysochanski 2007-01-22 17:31:46 UTC 
Verified this code is in brew, lvm2-2.02.19-1.el4.src.rpm
Comment 8 Red Hat Bugzilla 2007-05-08 00:14:21 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0287.html